{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-41780","assignerOrgId":"6786b568-6808-4982-b61f-398b0d9679eb","state":"PUBLISHED","assignerShortName":"zte","dateReserved":"2023-09-01T09:02:00.657Z","datePublished":"2024-01-03T01:52:10.749Z","dateUpdated":"2024-09-06T17:48:21.970Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows"],"product":"ZXCLOUD iRAI","vendor":"ZTE","versions":[{"lessThanOrEqual":"7.23.23","status":"affected","version":"All versions up to 7.23.23","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Because the program fails to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.</p><br>"}],"value":"There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Because the program fails to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.\n\n\n"}],"impacts":[{"capecId":"CAPEC-1","descriptions":[{"lang":"en","value":"CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.4,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"6786b568-6808-4982-b61f-398b0d9679eb","shortName":"zte","dateUpdated":"2024-01-03T01:57:56.978Z"},"references":[{"url":"https://https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"7.23.32"}],"value":"7.23.32"}],"source":{"discovery":"EXTERNAL"},"title":"Unsafe DLL Loading Vulnerability in ZTE ZXCLOUD iRAI","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T19:09:48.247Z"},"title":"CVE Program Container","references":[{"url":"https://https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404","tags":["x_transferred"]}]},{"affected":[{"vendor":"zte","product":"zxcloud_irai_firmware","cpes":["cpe:2.3:o:zte:zxcloud_irai_firmware:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"7.23.23","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-03-08T20:33:26.874082Z","id":"CVE-2023-41780","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-06T17:48:21.970Z"}}]}}