CVE Vulnerabilities

CVE-2023-41966

Privilege Defined With Unsafe Actions

Published: Oct 26, 2023 | Modified: Nov 21, 2024
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending a HTTP POST to set a parameter.

Weakness

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

Affected Software

Name Vendor Start Version End Version
Analog_fm_transmitter_exc5000gx_firmware Sielco - (including) - (including)

Potential Mitigations

References