Severity: high (7.8)
First published: Thu Sep 14 2023
Last modified: Thu Sep 21 2023
A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
The severity of CVE-2023-38557 is high with a CVSS score of 7.8.
CVE-2023-38557 affects all versions of Spectrum Power 7 prior to V23Q3.
The vulnerability in CVE-2023-38557 is improper access rights assignment to the update script, allowing an authenticated local attacker to inject arbitrary code and escalate privileges.
An attacker can exploit the vulnerability in CVE-2023-38557 by sending malicious code to the update script, thereby injecting arbitrary code and gaining elevated privileges.
Yes, the fix for CVE-2023-38557 is to update Spectrum Power 7 to version V23Q3 or newer.