CVE-2023-42739

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 4, 2023
Updated: Dec 7, 2023
CWE ID 862

Summary

CVE-2023-42739 is a newly disclosed vulnerability affecting the engineermode service. The issue lies in a missing permission check within this service, enabling an attacker to manipulate permission usage records of an application. By exploiting this weakness, a local privilege escalation can be achieved without requiring any additional execution privileges. This vulnerability poses a significant risk to systems and applications utilizing the engineermode service, necessitating immediate attention and remediation efforts.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share