CVE-2023-22947

{"id": "CVE-2023-22947", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}]}, "published": "2023-01-11T02:15:11.550", "references": [{"url": "https://shibboleth.atlassian.net/browse/SSPCPP-961", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335545/Install+on+Windows#Restricting-ACLs", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://shibboleth.atlassian.net/browse/SSPCPP-961", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335545/Install+on+Windows#Restricting-ACLs", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\\opt (rather than C:\\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that \"We consider the ACLs a best effort thing\" and \"it was a documentation mistake.\""}, {"lang": "es", "value": "Los permisos de carpeta inseguros en la ruta de instalaci\u00f3n de Windows de Shibboleth Service Provider (SP) anterior a 3.4.1 permiten a un atacante local sin privilegios escalar privilegios a SYSTEM mediante la instalaci\u00f3n de DLL en la carpeta del ejecutable del servicio. Esto ocurre porque la instalaci\u00f3n se realiza en C:\\opt (en lugar de C:\\Program Files) de forma predeterminada. NOTA: el proveedor cuestiona la importancia de este informe y afirma que \"Consideramos que las ACL son el mejor esfuerzo\" y \"fue un error de documentaci\u00f3n\"."}], "lastModified": "2025-04-07T19:15:51.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66776430-A405-4D69-9067-9996AC30AAB8", "versionEndExcluding": "3.4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}