CVE-2023-20754
Global infos:
In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07588343.
CVE Status: Modified
References:
Metrics:
| Attribute | Value |
|---|---|
| Attack Complexity | LOW |
| Attack Vector | LOCAL |
| Availability Impact | HIGH |
| Base Score | 6.7 |
| Base Severity | MEDIUM |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Privileges Required | HIGH |
| Scope | UNCHANGED |
| User Interaction | NONE |
| Vector String | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Exploitability Score | 0.8 |
| Impact Score | 5.9 |
| Source | [email protected] |
| Type | Primary |