Main Vulnerability Database Vulnerabilities #VU84681

Incorrect default permissions in ViewPower - CVE-2023-51579

Published: December 22, 2023

Vulnerability identifier: #VU84681

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-51579

CWE-ID: CWE-276

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
ViewPower

Software vendor:
Voltronic Power

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the product installer. A local user with access to the system can view contents of files and directories or modify them.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.zerodayinitiative.com/advisories/ZDI-23-1885/

Incorrect default permissions in ViewPower - CVE-2023-51579

Description

Remediation

External links

Please verify you're human