Weak Folder Permission Vulnerability in ZTE ZXCLOUD iRAI

Original Release Date: August 28, 2023

 

Vulnerability ID

CVE ID: CVE-2023-25648

CNNVD ID: CNNVD-2023-21867968

 

 

CVSS 3.1 Base Score

6.5 Medium (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L)

 

Description

ZTE's ZXCLOUD iRAI product has a weak folder permission vulnerability. Because of the weak folder permissions, an attacker with ordinary user privileges could construct a fake DLL that executes commands, escalating local privileges.
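A defender-side check for the weakness described above, as an added example that is not ZTE's code: it parses `icacls <folder>` output and lists allow-entries that give ordinary-user groups write-type rights on that folder. The advisory does not name the affected folder, so the path and sample output below are constructed placeholders, and the principal names assume an English-language Windows host.

```python
import re

# icacls rights mnemonics that let a principal add or replace files in a folder.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "GA", "GW", "WDAC", "WO"}
# icacls inheritance flags; these are not access rights.
FLAGS = {"OI", "CI", "IO", "NP", "I"}
# Well-known low-privileged principals (English names; an assumption).
LOW_PRIV = {"everyone", "builtin\\users",
            "nt authority\\authenticated users", "nt authority\\interactive"}

# Constructed sample: placeholder path, not the product's real install folder.
SAMPLE_PATH = r"C:\Program Files\ExampleApp"
SAMPLE = r"""C:\Program Files\ExampleApp BUILTIN\Users:(OI)(CI)(M)
                            NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                            BUILTIN\Administrators:(OI)(CI)(F)
                            NT AUTHORITY\Authenticated Users:(I)(RX)
                            Everyone:(DENY)(W)
                            NT AUTHORITY\INTERACTIVE:(CI)(WD,AD)

Successfully processed 1 files; Failed processing 0 files
"""


def weak_aces(path, icacls_output):
    """Return (principal, rights) for allow-ACEs that give low-privileged
    principals write-type access, parsed from `icacls <path>` output."""
    findings = []
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()   # first ACE line is prefixed by the path
        principal, sep, rest = line.partition(":(")
        if not sep:
            continue                          # blank line or summary line
        groups = re.findall(r"\(([^)]*)\)", "(" + rest)
        if "DENY" in groups:
            continue                          # deny entries grant nothing
        rights = {r.strip().upper() for g in groups for r in g.split(",")} - FLAGS
        hits = sorted(rights & WRITE_RIGHTS)
        if principal.lower() in LOW_PRIV and hits:
            findings.append((principal, hits))
    return findings


if __name__ == "__main__":
    for principal, rights in weak_aces(SAMPLE_PATH, SAMPLE):
        print(f"{SAMPLE_PATH}: {principal} has {','.join(rights)}")
```

An empty result for a folder that holds executables or DLLs is the expected state; any finding means an ordinary user can place or replace files there.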

 

Affected Products and Fixes

Product Name: ZXCLOUD iRAI

Affected Version: All versions up to V7.23.20

Resolved Version: V7.23.21

 

Acknowledgement

ZTE thanks Liu Yiyang for paying attention to our products and cooperating with us to disclose vulnerabilities.

 

Update Records

August 28, 2023, initial.

 

Version Update Method

A device that supports automatic update can receive a pop-up update message. You can upgrade the device accordingly. If no update message is received, contact your service provider to obtain the update information.

 

Global Customer Support Center

http://support.zte.com.cn/support/web/Contact.aspx?_langType=en

 

ZTE PSIRT

https://www.zte.com.cn/global/cybersecurity/ztepsirt.html
