CVE-2023-44120
First published: Tue Jan 09 2024(Updated: )
A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). The affected product's sudo configuration permits the local administrative account to execute several entries as root user. This could allow an authenticated local attacker to inject arbitrary code and gain root access.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Spectrum Power 7 | <23q4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-44120?
CVE-2023-44120 is considered a high-severity vulnerability due to its potential to allow local authenticated attackers to gain root access.
How do I fix CVE-2023-44120?
To fix CVE-2023-44120, upgrade to Spectrum Power 7 version 23Q4 or later to mitigate the vulnerability.
What does CVE-2023-44120 affect?
CVE-2023-44120 affects all versions of Spectrum Power 7 prior to version 23Q4.
Who can exploit CVE-2023-44120?
CVE-2023-44120 can be exploited by authenticated local attackers who have access to the system.
What are the consequences of CVE-2023-44120?
The consequences of CVE-2023-44120 include unauthorized execution of arbitrary code and potential full system compromise.
- agent/type
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/softwarecombine
- agent/severity
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens spectrum power 7