Today > 1 Critical | 6 High | 24 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2023-5935

May 15, 2024, 4:40 p.m.

CVSS Score

7.4 / 10

Product(s) Impacted

Arc

Description

When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself. A malicious local user or process, during a window of opportunity when the local web interface is active, may be able to extract sensitive information or change Arc's configuration. This could also lead to arbitrary code execution if a malicious update package is installed.

Weaknesses

Date

Published: May 15, 2024, 4:15 p.m.

Last Modified: May 15, 2024, 4:40 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

prodsec@nozominetworks.com

CVSS Data

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score
7.4
Exploitability Score
Impact Score
Base Severity
HIGH
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://security.nozominetworks.com/ prodsec@nozominetworks.com