CVE-2023-0213 - OpenCVE

Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
M-files	M-files
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:m-files:m-files:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0213/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: M-Files Corporation

Published: 2023-03-29T10:22:45.724Z

Updated: 2023-03-29T10:22:45.724Z

Reserved: 2023-01-11T09:26:15.276Z

Link: CVE-2023-0213

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-03-29T11:15:07.033

Modified: 2023-04-05T02:08:08.250

Link: CVE-2023-0213

JSON object: View

Redhat Information

No data.

CWE

CWE-427

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-0213", "assignerOrgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410", "state": "PUBLISHED", "assignerShortName": "M-Files Corporation", "dateReserved": "2023-01-11T09:26:15.276Z", "datePublished": "2023-03-29T10:22:45.724Z", "dateUpdated": "2023-03-29T10:22:45.724Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "M-Files", "vendor": "M-Files", "versions": [{"lessThan": "22.6", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Alexander Staalgaard"}], "datePublic": "2023-03-29T10:01:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking."}], "value": "Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "No publicly available exploit."}], "value": "No publicly available exploit."}], "impacts": [{"capecId": "CAPEC-471", "descriptions": [{"lang": "en", "value": "CAPEC-471 Search Order Hijacking"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410", "shortName": "M-Files Corporation", "dateUpdated": "2023-03-29T10:22:45.724Z"}, "references": [{"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0213/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to version 22.6 or newer."}], "value": "Update to version 22.6 or newer."}], "source": {"discovery": "EXTERNAL"}, "title": "Local Elevation of Privilege in M-Files", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}