There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/166574/Sherpa-Connector-Service-2020.2.20328.2050-Unquoted-Service-Path.html | Exploit Third Party Advisory VDB Entry |
https://github.com/netsectuna/CVE-2022-23909 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-04-05T05:49:17
Updated: 2022-04-07T10:16:00
Reserved: 2022-01-24T00:00:00
Link: CVE-2022-23909
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-04-05T06:15:06.870
Modified: 2022-04-12T20:58:03.533
Link: CVE-2022-23909
JSON object: View
Redhat Information
No data.
CWE