CVE-2023-7093

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 25, 2023

Updated: May 17, 2024

CWE ID 78

Summary

CVE-2023-7093 is a critical vulnerability affecting KylinSoft's kylin-system-updater up to version 2.0.5.16-0k2.33. This issue lies within an unknown function of the /usr/share/kylin-system-updater/SystemUpdater/UpgradeStrategiesDbus.py file in the com.kylin.systemupgrade Service. Manipulation of the SetDownloadspeedMax argument triggers os command injection, requiring an attacker to be present locally. The vulnerability, also known as VDB-248940, has been publicly disclosed, and the exploit is available. Despite early notification, the vendor has not responded to the disclosure.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t6N6VP
https://www.cve.org/CVERecord?id=CVE-2023-7093
https://nvd.nist.gov/vuln/detail/CVE-2023-7093

Back to Vulnerability Database

CVE-2023-7093

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations