Incorrect Privilege Assignment in Wacom Drivers for Windows - CVE-2023-32162

 

Incorrect Privilege Assignment in Wacom Drivers for Windows - CVE-2023-32162

Published: May 30, 2023


Vulnerability identifier: #VU76623
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-32162
CWE-ID: CWE-266
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Wacom
Affected software:
Wacom Drivers for Windows

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect permissions when handling the WacomInstallI.txt file by the PrefUtil.exe utility, which leads to security restrictions bypass and privilege escalation.


How to mitigate CVE-2023-32162

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources