CVE-2023-52952

CVSS 3.1 Score 8.5 of 10 (high)

Details

Published Oct 8, 2024
CWE ID 424

Summary

CVE-2023-52952 affects several HiMed Cockpit products: versions 11.5.1 to 11.6.2 of HiMed Cockpit 12 pro, HiMed Cockpit 14 pro+, HiMed Cockpit 18 pro, and HiMed Cockpit 18 pro+. The flaw is in Kiosk Mode and allows an unauthenticated local attacker to escape the restricted desktop environment and access the underlying operating system. The vulnerability is rated high, with a CVSS base score of 8.5, reflecting a significant potential impact on availability alongside low integrity and confidentiality impact. Remediation is to upgrade to a version beyond V11.6.2. Organizations running affected versions face elevated risk if the flaw is exploited, including potential disruption of operations due to unauthorized access.
