CVE-2024-23847

Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/jp/JVN17680667/
https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html
https://www.yrl.com/fwp_support/info/khvu7f00000007j8.html
https://www.yrl.com/fwp_support/info/khvu7f0000000auf.html
https://jvn.jp/en/jp/JVN17680667/
https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html

Configurations

No configuration.

History

08 Apr 2025, 05:15

Type	Values Removed	Values Added
References		() https://www.yrl.com/fwp_support/info/khvu7f00000007j8.html - () https://www.yrl.com/fwp_support/info/khvu7f0000000auf.html -
Summary	(en) Incorrect default permissions issue exists in Unifier and Unifier Cast Version.5.0 or later, and the patch "20240527" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified or deleted.	(en) Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.

21 Nov 2024, 08:58

Type	Values Removed	Values Added
References	~~() https://jvn.jp/en/jp/JVN17680667/ -~~	() https://jvn.jp/en/jp/JVN17680667/ -
References	~~() https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html -~~	() https://www.yrl.com/fwp_support/info/khvu7f00000000q7.html -

03 Jul 2024, 01:48

Type	Values Removed	Values Added
Summary		(es) Existe un problema de permisos predeterminados incorrectos en Unifier y Unifier Cast versión 5.0 o posterior, y el parche "20240527" no se aplicó. Si se explota esta vulnerabilidad, se puede ejecutar código arbitrario con privilegios LocalSystem. Como resultado, se puede instalar un programa malicioso y se pueden modificar o eliminar datos.
CWE		CWE-276
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.9

31 May 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-31 06:15

Updated : 2025-04-08 05:15

NVD link : CVE-2024-23847

Mitre link : CVE-2024-23847

CVE.ORG link : CVE-2024-23847

JSON object : View

Products Affected

No product.

CWE

CWE-276

Incorrect Default Permissions

5.9 /10