CVE-2023-22282

CVSS 7.3 HIGHEPSS 0.2%CWE-428

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

11 Apr 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected products

ELECOM CO.,LTD. · WAB-MAT

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://jvn.jp/en/jp/JVN35246979/https://www.elecom.co.jp/news/security/20230324-01/