Vulnerability Details : CVE-2023-40361
Potential exploit
SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user.
Products affected by CVE-2023-40361
- cpe:2.3:a:secudos:qiata:4.13:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-40361
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 7%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-40361
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2023-40361
- The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-40361
- https://github.com/vianic/CVE-2023-40361/blob/main/advisory/advisory.md
  CVE-2023-40361/advisory/advisory.md at main · vianic/CVE-2023-40361 · GitHub (Exploit; Third Party Advisory)