There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges.
References
Link | Resource |
---|---|
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032584 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: zte
Published: 2023-12-14T06:46:39.187Z
Updated: 2023-12-14T06:46:39.187Z
Reserved: 2023-02-09T19:47:48.022Z
Link: CVE-2023-25648
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-14T07:15:07.180
Modified: 2023-12-19T19:25:23.710
Link: CVE-2023-25648
JSON object: View
Redhat Information
No data.
CWE