CVE-2023-28123

Published Apr 19, 2023

Last updated 2 years ago

Overview

Description: A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later.
Source: support@hackerone.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-732
support@hackerone.com: CWE-732

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ui:desktop:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3FA2EBE5-1998-49C5-BB38-7886DB115E47",
            "versionEndExcluding": "0.62.3.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References