CVE-2023-28129

{"id": "CVE-2023-28129", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-08-10T20:15:09.657", "references": [{"url": "https://forums.ivanti.com/s/article/SA-2023-07-26-CVE-2023-28129", "tags": ["Vendor Advisory"], "source": "support@hackerone.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation user."}], "lastModified": "2023-10-18T04:15:10.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:desktop_\\&_server_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBF00DFF-E7C5-4391-BEE1-16C478D224C7", "versionEndExcluding": "2022.2"}, {"criteria": "cpe:2.3:a:ivanti:desktop_\\&_server_management:2022.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BD5B572-B592-4203-A662-36AB51C98502"}, {"criteria": "cpe:2.3:a:ivanti:desktop_\\&_server_management:2022.2:su1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B8C2904-6102-4DB6-8F92-055B64EB51DB"}, {"criteria": "cpe:2.3:a:ivanti:desktop_\\&_server_management:2022.2:su2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8877B87-3C5D-4CAA-8A6F-738F46A19A6A"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}