CVE-2023-5593

{"id": "CVE-2023-5593", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@zyxel.com.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-11-20T12:15:09.180", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-out-of-bounds-write-vulnerability-in-secuextender-ssl-vpn-client-software", "tags": ["Patch", "Vendor Advisory"], "source": "security@zyxel.com.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@zyxel.com.tw", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "The out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could allow an authenticated local user to gain a privilege escalation by sending a crafted CREATE message."}, {"lang": "es", "value": "La vulnerabilidad de escritura fuera de los l\u00edmites en la versi\u00f3n 4.0.4.0 del software SecuExtender SSL VPN Client basado en Windows podr\u00eda permitir que un usuario local autenticado obtenga una escalada de privilegios enviando un mensaje CREATE manipulado."}], "lastModified": "2023-11-30T15:14:15.033", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zyxel:secuextender_ssl_vpn:4.0.4.0:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "46B6221D-7167-4AFF-9E26-6AE88C983EB9"}], "operator": "OR"}]}], "sourceIdentifier": "security@zyxel.com.tw"}