CVE-2023-41780

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404", "name": "https://https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404", "tags": ["Broken Link", "Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the \u00a0program \u00a0failed to adequately validate the user's input, an attacker could exploit this vulnerability \u00a0to escalate local privileges.\n\n\n"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-427"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-41780", "ASSIGNER": "psirt@zte.com.cn"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}}, "publishedDate": "2024-01-03T02:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:zte:zxcloud_irai_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.23.32"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:zte:zxcloud_irai:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-01-09T20:00Z"}