CVE-2023-31462

{"id": "CVE-2023-31462", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-07-20T18:15:11.970", "references": [{"url": "https://steelseries.com/gg", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.akamai.com/blog/security-research/exploit-steelseries-subapp-privilege-escalation", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges."}], "lastModified": "2024-10-28T18:35:01.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:steelseries:gg:36.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE8875F6-428E-43E7-AE6B-3CAE4FA03780"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}