cve-2023-5936
Vulnerability from cvelistv5
Published
2024-05-15 16:04
Modified
2024-08-02 08:14
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
7.3 (High) - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS score ?
Summary
On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges.
By tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nozomi Networks | Arc |
Version: 0 ≤ |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:nozominetworks:arc:1.6.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "arc", vendor: "nozominetworks", versions: [ { lessThan: "1.6.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-5936", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-15T17:50:47.376084Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-06T13:02:58.245Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T08:14:25.124Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.nozominetworks.com/NN-2023:14-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", "MacOS", ], product: "Arc", vendor: "Nozomi Networks", versions: [ { lessThan: "1.6.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "This issue was found by Diego Giubertoni of Nozomi Networks Security Research team during an internal penetration testing session.", }, ], datePublic: "2024-05-15T16:04:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<div><div><div>On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges.</div></div><div><div>By tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges.</div></div></div>", }, ], value: "On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges.\n\n\n\nBy tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges.", }, ], impacts: [ { capecId: "CAPEC-180", descriptions: [ { lang: "en", value: "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "PRESENT", attackVector: "LOCAL", baseScore: 7.3, baseSeverity: "HIGH", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "HIGH", subConfidentialityImpact: "HIGH", subIntegrityImpact: "HIGH", userInteraction: "PASSIVE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-732", description: "CWE-732 Incorrect Permission Assignment for Critical Resource", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T12:20:16.824Z", orgId: "bec8025f-a851-46e5-b3a3-058e6b0aa23c", shortName: "Nozomi", }, references: [ { url: "https://security.nozominetworks.com/NN-2023:14-01", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<div><div>Upgrade to v1.6.0 or later.</div></div>", }, ], value: "Upgrade to v1.6.0 or later.", }, ], source: { discovery: "INTERNAL", }, title: "Unsafe temporary data privileges on Unix systems in Arc before v1.6.0", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "bec8025f-a851-46e5-b3a3-058e6b0aa23c", assignerShortName: "Nozomi", cveId: "CVE-2023-5936", datePublished: "2024-05-15T16:04:58.720Z", dateReserved: "2023-11-02T15:59:49.270Z", dateUpdated: "2024-08-02T08:14:25.124Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2023-5936\",\"sourceIdentifier\":\"prodsec@nozominetworks.com\",\"published\":\"2024-05-15T16:15:09.350\",\"lastModified\":\"2024-11-21T08:42:48.817\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges.\\n\\n\\n\\nBy tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges.\"},{\"lang\":\"es\",\"value\":\"En sistemas Unix (Linux, MacOS), Arc utiliza un archivo temporal con privilegios inseguros. Al alterar dicho archivo, un usuario local malicioso en el sistema puede desencadenar la ejecución de código arbitrario con privilegios de root.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"prodsec@nozominetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"PASSIVE\",\"vulnerableSystemConfidentiality\":\"HIGH\",\"vulnerableSystemIntegrity\":\"HIGH\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"HIGH\",\"subsequentSystemIntegrity\":\"HIGH\",\"subsequentSystemAvailability\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"prodsec@nozominetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"prodsec@nozominetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"references\":[{\"url\":\"https://security.nozominetworks.com/NN-2023:14-01\",\"source\":\"prodsec@nozominetworks.com\"},{\"url\":\"https://security.nozominetworks.com/NN-2023:14-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.nozominetworks.com/NN-2023:14-01\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T08:14:25.124Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-5936\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-15T17:50:47.376084Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:nozominetworks:arc:1.6.0:*:*:*:*:*:*:*\"], \"vendor\": \"nozominetworks\", \"product\": \"arc\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-15T17:52:41.415Z\"}}], \"cna\": {\"title\": \"Unsafe temporary data privileges on Unix systems in Arc before v1.6.0\", \"source\": {\"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"This issue was found by Diego Giubertoni of Nozomi Networks Security Research team during an internal penetration testing session.\"}], \"impacts\": [{\"capecId\": \"CAPEC-180\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Nozomi Networks\", \"product\": \"Arc\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.6.0\", \"versionType\": \"semver\"}], \"platforms\": [\"Linux\", \"MacOS\"], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade to v1.6.0 or later.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"<div><div>Upgrade to v1.6.0 or later.</div></div>\", \"base64\": false}]}], \"datePublic\": \"2024-05-15T16:04:00.000Z\", \"references\": [{\"url\": \"https://security.nozominetworks.com/NN-2023:14-01\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges.\\n\\n\\n\\nBy tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"<div><div><div>On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges.</div></div><div><div>By tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges.</div></div></div>\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-732\", \"description\": \"CWE-732 Incorrect Permission Assignment for Critical Resource\"}]}], \"providerMetadata\": {\"orgId\": \"bec8025f-a851-46e5-b3a3-058e6b0aa23c\", \"shortName\": \"Nozomi\", \"dateUpdated\": \"2024-05-28T12:20:16.824Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2023-5936\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T08:14:25.124Z\", \"dateReserved\": \"2023-11-02T15:59:49.270Z\", \"assignerOrgId\": \"bec8025f-a851-46e5-b3a3-058e6b0aa23c\", \"datePublished\": \"2024-05-15T16:04:58.720Z\", \"assignerShortName\": \"Nozomi\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.