CVE-2023-29444

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published: Jan 10, 2024
Updated: Jan 19, 2024
CWE ID: 427

Summary

CVE-2023-29444 is a newly identified vulnerability that permits a locally authenticated attacker to escalate privileges to SYSTEM level. The issue stems from an uncontrolled search path element, also known as DLL hijacking. By exploiting it, an adversary can manipulate the system's DLL loading mechanism and inject malicious code, thereby gaining elevated access. Alternatively, an adversary could distribute a trojanized version of the software and trick users into downloading and installing it, which leads to initial access and code execution.

Affected Products

  • PTC Kepware KEPServerEX

Affected Vendors

  • PTC Inc