CVE-2024-23847

Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/jp/JVN17680667/
https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html
https://www.yrl.com/fwp_support/info/khvu7f00000007j8.html
https://www.yrl.com/fwp_support/info/khvu7f0000000auf.html
https://jvn.jp/en/jp/JVN17680667/
https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html

Configurations

No configuration.

History

08 Apr 2025, 05:15

Type	Values Removed	Values Added
References		() https://www.yrl.com/fwp_support/info/khvu7f00000007j8.html - () https://www.yrl.com/fwp_support/info/khvu7f0000000auf.html -
Summary	(en) Incorrect default permissions issue exists in Unifier and Unifier Cast Version.5.0 or later, and the patch "20240527" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified or deleted.	(en) Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.

Information

Published : 2024-05-31 06:15

Updated : 2025-04-08 05:15

NVD link : CVE-2024-23847

Mitre link : CVE-2024-23847

CVE.ORG link : CVE-2024-23847

JSON object : View

Products Affected

No product.

CWE

CWE-276

Incorrect Default Permissions

{"id": "CVE-2024-23847", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.5}]}, "published": "2024-05-31T06:15:10.070", "references": [{"url": "https://jvn.jp/en/jp/JVN17680667/", "source": "vultures@jpcert.or.jp"}, {"url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html", "source": "vultures@jpcert.or.jp"}, {"url": "https://www.yrl.com/fwp_support/info/khvu7f00000007j8.html", "source": "vultures@jpcert.or.jp"}, {"url": "https://www.yrl.com/fwp_support/info/khvu7f0000000auf.html", "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/en/jp/JVN17680667/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "vultures@jpcert.or.jp", "description": [{"lang": "en", "value": "CWE-276"}]}, {"type": "Primary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted."}, {"lang": "es", "value": "Existe un problema de permisos predeterminados incorrectos en Unifier y Unifier Cast versi\u00f3n 5.0 o posterior, y el parche \"20240527\" no se aplic\u00f3. Si se explota esta vulnerabilidad, se puede ejecutar c\u00f3digo arbitrario con privilegios LocalSystem. Como resultado, se puede instalar un programa malicioso y se pueden modificar o eliminar datos."}], "lastModified": "2025-04-08T05:15:37.357", "sourceIdentifier": "vultures@jpcert.or.jp"}