Vulnerability Details : CVE-2023-42128
Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this vulnerability in that the target must acquire data from a malicious mobile device.
The specific flaw exists within the Android device image acquisition functionality. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-21255.
Vulnerability category: Execute code
Products affected by CVE-2023-42128
Please log in to view affected product information.
Exploit prediction scoring system (EPSS) score for CVE-2023-42128
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 30 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-42128
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.0
|
HIGH | CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.1
|
5.9
|
Zero Day Initiative | 2024-05-03 |
CWE ids for CVE-2023-42128
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by: zdi-disclosures@trendmicro.com (Secondary)
References for CVE-2023-42128
-
https://www.zerodayinitiative.com/advisories/ZDI-23-1533/
ZDI-23-1533 | Zero Day Initiative
Jump to