CVE-2023-6407

Published Dec 14, 2023

Last updated a year ago

CVSS high 7.1

Overview

Description: A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker.
Source: cybersecurity@se.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.1
Impact score: 5.2
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Severity: HIGH

Weaknesses

cybersecurity@se.com: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "A045AC0A-471E-444C-B3B0-4CABC23E8CFB"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*",
            "vulnerable": false,
            "matchCriteriaId": "28A7FEE9-B473-48A0-B0ED-A5CC1E44194C"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*",
            "vulnerable": false,
            "matchCriteriaId": "F2D718BD-C4B7-48DB-BE78-B9CA22F27DD0"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "0C3552E0-F793-4CDD-965D-457495475805"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:schneider-electric:easy_ups_online_monitoring_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "717BACD7-C79C-4CC1-B003-6377C26386D7",
            "versionEndExcluding": "2.6-ga-01-23248"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References