CVE-2023-3438

Published at:
2023-07-03T08:15:09.670
Source: [email protected]

Global infos:

An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services.

CVE Status: Modified

References:

  • [email protected]
  • af854a3a-2127-422b-91ae-364da2661108
    •

    Metrics:

    AttributeValue
    Attack ComplexityLOW
    Attack VectorLOCAL
    Availability ImpactHIGH
    Base Score4.4
    Base SeverityMEDIUM
    Confidentiality ImpactNONE
    Integrity ImpactNONE
    Privileges RequiredHIGH
    ScopeUNCHANGED
    User InteractionNONE
    Vector StringCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
    Exploitability Score0.8
    Impact Score3.6
    Source[email protected]
    TypeSecondary

    Links:

    Exploit-db
    Github

    Most recherched CVEs
    Popular Keywords