CVE-2023-31747

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

W

ondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges.

References

Link	Resource
http://filmora.com	Not Applicable
http://wondershare.com	Product
https://packetstormsecurity.com/files/172464/Filmora-12-Build-1.0.0.7-Unquoted-Service-Path.html	Exploit Third Party Advisory VDB Entry
http://filmora.com	Not Applicable
http://wondershare.com	Product
https://packetstormsecurity.com/files/172464/Filmora-12-Build-1.0.0.7-Unquoted-Service-Path.html	Exploit Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:wondershare:filmora:12:*:*:*:*:*:*:*

History

21 Nov 2024, 08:02

Type	Values Removed	Values Added
References	~~() http://filmora.com - Not Applicable~~	() http://filmora.com - Not Applicable
References	~~() http://wondershare.com - Product~~	() http://wondershare.com - Product
References	~~() https://packetstormsecurity.com/files/172464/Filmora-12-Build-1.0.0.7-Unquoted-Service-Path.html - Exploit, Third Party Advisory, VDB Entry~~	() https://packetstormsecurity.com/files/172464/Filmora-12-Build-1.0.0.7-Unquoted-Service-Path.html - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2023-05-23 23:15

Updated : 2025-01-21 19:15

NVD link : CVE-2023-31747

Mitre link : CVE-2023-31747

CVE.ORG link : CVE-2023-31747

JSON object : View

Products Affected

wondershare

filmora

CWE

CWE-428

Unquoted Search Path or Element

{"id": "CVE-2023-31747", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-05-23T23:15:09.270", "references": [{"url": "http://filmora.com", "tags": ["Not Applicable"], "source": "[email protected]"}, {"url": "http://wondershare.com", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://packetstormsecurity.com/files/172464/Filmora-12-Build-1.0.0.7-Unquoted-Service-Path.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://filmora.com", "tags": ["Not Applicable"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://wondershare.com", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://packetstormsecurity.com/files/172464/Filmora-12-Build-1.0.0.7-Unquoted-Service-Path.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-428"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-428"}]}], "descriptions": [{"lang": "en", "value": "Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges."}], "lastModified": "2025-01-21T19:15:10.737", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wondershare:filmora:12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F7098E8-BF38-41A1-8F5E-4243F9660F1E"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}