CVE-2023-51641

CVSS 3.0 Score 9.8 of 10 (critical)

Details

Published Nov 22, 2024
CWE ID 502

Summary

CVE-2023-51641 is a remote code execution vulnerability in Allegra's renderFieldMatch method. The method does not sufficiently validate user-supplied data, which allows deserialization of untrusted data. Remote attackers can exploit this flaw to execute arbitrary code with LOCAL SERVICE privileges. Exploitation requires authentication, but the product's registration mechanism can be used to create users with sufficient privileges. This vulnerability, identified as ZDI-CAN-22505, poses a significant threat to affected Allegra installations.
