ID

VAR-202401-0199


CVE

CVE-2023-44120


DESCRIPTION

A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). The affected product's sudo configuration permits the local administrative account to execute several entries as root user. This could allow an authenticated local attacker to inject arbitrary code and gain root access.

Trust: 1.0

sources: NVD: CVE-2023-44120

AFFECTED PRODUCTS

vendor: siemens
model: spectrum power 7
scope: lt
version: 23q4

Trust: 1.0

sources: NVD: CVE-2023-44120

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2023-44120
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2023-44120
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-44120

PROBLEMTYPE DATA

problemtype: CWE-732

Trust: 1.0

sources: NVD: CVE-2023-44120

EXTERNAL IDS

db: SIEMENS
id: SSA-786191

Trust: 1.0

db: NVD
id: CVE-2023-44120

Trust: 1.0

sources: NVD: CVE-2023-44120

REFERENCES

url: https://cert-portal.siemens.com/productcert/pdf/ssa-786191.pdf

Trust: 1.0

sources: NVD: CVE-2023-44120

SOURCES

db: NVD
id: CVE-2023-44120

LAST UPDATE DATE

2024-08-14T15:10:23.200000+00:00


SOURCES UPDATE DATE

db: NVD
id: CVE-2023-44120
date: 2024-01-16T15:36:11.773

SOURCES RELEASE DATE

db: NVD
id: CVE-2023-44120
date: 2024-01-09T10:15:15.613