CVE-2023-28129
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Aug 10, 2023
Updated: Oct 18, 2023
Summary
CVE-2023-28129 is a vulnerability affecting DSM 2022.2 and earlier versions. This issue grants local low privileged accounts the ability to execute arbitrary OS commands as the DSM software installation user, posing a significant security risk. Exploitation of this vulnerability could result in unauthorized system access and potential data breaches. It is recommended that users upgrade to a patched version of DSM to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Ivanti Software Inc.