{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-0887","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2023-02-17T08:19:10.606Z","datePublished":"2023-02-17T08:20:10.479Z","dateUpdated":"2025-03-12T20:10:52.014Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2023-10-20T21:12:44.875Z"},"title":"phjounin TFTPD64-SE tftpd64_svc.exe unquoted search path","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-428","lang":"en","description":"CWE-428 Unquoted Search Path"}]}],"affected":[{"vendor":"phjounin","product":"TFTPD64-SE","versions":[{"version":"4.64","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The associated identifier of this vulnerability is VDB-221351."},{"lang":"de","value":"Eine kritische Schwachstelle wurde in phjounin TFTPD64-SE 4.64 gefunden. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei tftpd64_svc.exe. Durch das Beeinflussen mit unbekannten Daten kann eine unquoted search path-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Die Komplexität eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":7,"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7,"vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":6,"vectorString":"AV:L/AC:H/Au:S/C:C/I:C/A:C"}}],"timeline":[{"time":"2023-02-17T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2023-02-17T00:00:00.000Z","lang":"en","value":"CVE reserved"},{"time":"2023-02-17T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2023-03-18T13:52:10.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"RedHatAugust (VulDB User)","type":"analyst"}],"references":[{"url":"https://vuldb.com/?id.221351","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.221351","tags":["signature"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T05:24:34.708Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.221351","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.221351","tags":["signature","x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-12T20:10:43.096674Z","id":"CVE-2023-0887","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-12T20:10:52.014Z"}}]}}