CVE-2023-44120

A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). The affected product's sudo configuration permits the local administrative account to execute several entries as root user. This could allow an authenticated local attacker to inject arbitrary code and gain root access.

Published: Jan 9, 2024
Updated: Jan 10, 2024
CVE: CVE-2023-44120
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-732

Affected Software
References

Software	From	Fixed in
siemens / spectrum_power_7	-	23q4

https://cert-portal.siemens.com/productcert/pdf/ssa-786191.pdf

Vulnerability Database

289,599

CVE-2023-44120