CVE-2023-29444
CVSS 3.1 Score 7.3 of 10 (high)
Details
Summary
CVE-2023-29444 is a newly identified vulnerability that permits a locally authenticated attacker to escalate privileges to SYSTEM level. This issue stems from an uncontrolled search path element, also known as DLL hijacking. By exploiting this vulnerability, an adversary can manipulate the system's DLL loading mechanism and inject malicious code, thereby gaining elevated access. Alternatively, they could distribute a trojanized version of the software, tricking users into downloading and installing the malicious version, which leads to initial access and code execution.
Affected Products
- PTC Kepware KEPServerEX
Affected Vendors
- PTC Inc