{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2023-41780", "ASSIGNER": "psirt@zte.com.cn", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the \u00a0program \u00a0failed to adequately validate the user's input, an attacker could exploit this vulnerability \u00a0to escalate local privileges.\n\n\n" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "ZTE", "product": { "product_data": [ { "product_name": "ZXCLOUD iRAI", "version": { "version_data": [ { "version_affected": "<=", "version_name": "All versions up to 7.23.23", "version_value": "7.23.23" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404", "refsource": "MISC", "name": "https://https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404" } ] }, "generator": { "engine": "Vulnogram 0.1.0-dev" }, "source": { "discovery": "EXTERNAL" }, "solution": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "7.23.32" } ], "value": "7.23.32" } ], "impact": { "cvss": [ { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ] } }