nvd-json-data-feeds/CVE-2023/CVE-2023-59xx/CVE-2023-5936.json

{
  "id": "CVE-2023-5936",
  "sourceIdentifier": "prodsec@nozominetworks.com",
  "published": "2024-05-15T16:15:09.350",
  "lastModified": "2024-05-28T13:15:10.503",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges.\n\n\n\nBy tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges."
    },
    {
      "lang": "es",
      "value": "En sistemas Unix (Linux, MacOS), Arc utiliza un archivo temporal con privilegios inseguros. Al alterar dicho archivo, un usuario local malicioso en el sistema puede desencadenar la ejecuci\u00f3n de c\u00f3digo arbitrario con privilegios de root."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "prodsec@nozominetworks.com",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "privilegesRequired": "LOW",
          "userInteraction": "PASSIVE",
          "vulnerableSystemConfidentiality": "HIGH",
          "vulnerableSystemIntegrity": "HIGH",
          "vulnerableSystemAvailability": "HIGH",
          "subsequentSystemConfidentiality": "HIGH",
          "subsequentSystemIntegrity": "HIGH",
          "subsequentSystemAvailability": "HIGH",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirements": "NOT_DEFINED",
          "integrityRequirements": "NOT_DEFINED",
          "availabilityRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
          "safety": "NOT_DEFINED",
          "automatable": "NOT_DEFINED",
          "recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED",
          "baseScore": 7.3,
          "baseSeverity": "HIGH"
        }
      }
    ],
    "cvssMetricV31": [
      {
        "source": "prodsec@nozominetworks.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "prodsec@nozominetworks.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://security.nozominetworks.com/NN-2023:14-01",
      "source": "prodsec@nozominetworks.com"
    }
  ]
}