42Gears Security and Compliance Standards

Advisory ID: 42G-2023-001

Shortened Description: Bypassing hardening via Unquoted Service path vulnerability

Explanation:

Severity (CVSSv3 Range): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Issue date: 2023-04-27

Updated on: 2023-04-28

CVE(s): CVE-2023-2331

Impacted products: Surelock Windows from 2.3.12 through 2.40.0

Affected component: SureLockWin8.exe service

Vulnerability Overview: Presence of an unquoted service path. This may allow an authorized local user to insert arbitrary code into the service.

Known Attack Vectors: A malicious actor with local system access and Read privileges may be able to insert arbitrary code into the service.

Mitigations: Upgrade to Surelock Windows v2.41.0
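
To confirm whether a host still has the condition named in the Vulnerability Overview, the following added example (not 42Gears code) flags service ImagePath values whose executable portion contains a space and is not quoted. The service names, install directories and environment values are constructed placeholders; only the file name SureLockWin8.exe comes from this advisory.

```python
import re

# Constructed sample data (not from the advisory): service name -> ImagePath
# value as stored under HKLM\SYSTEM\CurrentControlSet\Services\<name>.
# Install directories are placeholders; only SureLockWin8.exe is from the page.
SAMPLE_SERVICES = {
    "ExampleKiosk": r"C:\Program Files\Example Vendor\Kiosk App\SureLockWin8.exe",
    "QuotedSvc": r'"C:\Program Files\Example Vendor\Kiosk App\agent.exe" -run',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "SpaceInArgsOnly": r"C:\Tools\svc.exe --config C:\My Data\cfg.ini",
    "EnvVarSvc": r"%ProgramFiles%\Example Vendor\updater.exe /svc",
    "Driver": r"\SystemRoot\System32\drivers\example.sys",
}
# Assumed environment for offline runs; on a real host pass os.environ.
SAMPLE_ENV = {"ProgramFiles": r"C:\Program Files"}

# Executable part: shortest prefix ending in a program extension.
_EXE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd))(?:\s|$)", re.IGNORECASE)

def expand(path, env):
    """Expand %VAR% references case-insensitively, as Windows does."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).lower(), m.group(0)), path)

def is_unquoted_with_space(image_path, env=SAMPLE_ENV):
    """True if the executable part of ImagePath has a space and no quotes."""
    path = expand(image_path.strip(), env)
    if path.startswith('"'):
        return False              # quoted: executable boundary is unambiguous
    match = _EXE.match(path)
    if not match:
        return False              # drivers (.sys) or unparsable values
    return " " in match.group(1)  # spaces only in arguments are not flagged

def audit(services, env=SAMPLE_ENV):
    """Return the sorted names of services that need their path quoted."""
    return sorted(n for n, p in services.items()
                  if is_unquoted_with_space(p, env))

if __name__ == "__main__":
    for name in audit(SAMPLE_SERVICES):
        print(f"unquoted path with spaces: {name} -> {SAMPLE_SERVICES[name]}")
```

On a live system the same function can be fed the `PathName` values of `Win32_Service` instead of the sample dictionary.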

Acknowledgements: 42Gears would like to thank Philips India for responsibly reporting this issue to us.

Reference:

https://www.cve.org/cverecord?id=CVE-2023-2331

https://nvd.nist.gov/vuln/detail/CVE-2023-2331