Main Vulnerability Database Vulnerabilities #VU76059

Improper Authorization in Vuforia Studio - CVE-2023-29152

Published: May 12, 2023

Vulnerability identifier: #VU76059

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-29152

CWE-ID: CWE-285

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Vuforia Studio

Software vendor:
PTC

Description

The vulnerability allows a remote user to bypass authorization checks.

The vulnerability exists due to improper authorization. A remote administrator can change the filename parameter in the request and delete any file with the permissions of the Vuforia server account.

Remediation

Install updates from vendor's website.

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13

Improper Authorization in Vuforia Studio - CVE-2023-29152

Description

Remediation

External links

Please verify you're human