CVE-2023-47270

high

Description

A vulnerability in the Plantronics Hub updater system, if exploited, could allow an unprivileged local attacker to set any permissions on arbitrary files on an affected device. This in turn could be exploited to execute arbitrary code as the Microsoft Windows SYSTEM account by overwriting existing binaries that are executed with SYSTEM privileges as part of the normal operation of the device. The vulnerability is due to a race condition in the Plantronics Hub updater.

Details

Source: Mitre, NVD

Published: 2023-12-28

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

Detections

Analytics