VX Search 13.8 Unquoted Service Path

2023.03.12

Credit: Thurein Soe

Risk: Medium

Local: Yes

Remote: No

CVE: CVE-2023-24671

CWE: CWE-428

Executive Summary:

Product Name: VX Search
Vendor Home Page:  https://www.vxsearch.com/
Affected Version(s): VX Search v13.8
Fixed Version: all versions later v13.8
Vulnerability Type: Unquoted Search Path (CWE-428)
CVE Reference: CVE-2023-24671
Credit: Thurein Soe


Vendor Description:

VX Search is an automated, rule-based file search solution allowing one to
search files by file type, category, file name, size, location, extension,
regular expressions, text and binary patterns.

Vulnerability description:
VX Search v13.8 was discovered to contain an unquoted service path
vulnerability which allows attackers to execute arbitrary commands.
However, this could not lead to a fully local privilege escalation attack.

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

VX Search 13.8 Unquoted Service Path

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

VX Search 13.8 Unquoted Service Path

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.