CVE-2023-41776

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-41776
There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zte:zxcloud_irai_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxcloud_irai:-:*:*:*:*:*:*:*
History

09 Jan 2024, 20:01

Type Values Removed Values Added
CWE CWE-269
CPE cpe:2.3:o:zte:zxcloud_irai_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxcloud_irai:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
References () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 - () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 - Vendor Advisory
First Time Zte zxcloud Irai Firmware
Zte
Zte zxcloud Irai

03 Jan 2024, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-03 02:15

Updated : 2024-02-28 20:54

NVD link : CVE-2023-41776

Mitre link : CVE-2023-41776

CVE.ORG link : CVE-2023-41776

JSON object : View

Products Affected

zte

  • zxcloud_irai_firmware
  • zxcloud_irai
CWE
CWE-269

Improper Privilege Management

CWE-732

Incorrect Permission Assignment for Critical Resource