CVE-2023-6080 - Vulnerability Details

Description

Lakeside Software’s SysTrack LsiAgent Installer version 10.7.8 for Windows contains a local privilege escalation vulnerability which allows attackers SYSTEM level access.

Published: 2024-10-18

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Lakeside Software

SysTrack LsiAgent Installer

affected

Version	Status	Constraints
`10.7.8`	affected	< 11.0

Configuration 1 [-]

cpe:2.3:a:lakesidesoftware:systrack_lsiagent:*:*:*:*:*:windows:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-58336	Lakeside Software’s SysTrack LsiAgent Installer version 10.7.8 for Windows contains a local privilege escalation vulnerability which allows attackers SYSTEM level access.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00249.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2024/MNDT-2024-0009.md
https://www.cve.org/CVERecord?id=CVE-2023-6080
https://www.lakesidesoftware.com/

History

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00036}`	epss `{'score': 0.0004}`

Wed, 30 Oct 2024 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Lakesidesoftware Lakesidesoftware systrack Lsiagent
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:a:lakesidesoftware:systrack_lsiagent::::::windows::*
Vendors & Products		Lakesidesoftware Lakesidesoftware systrack Lsiagent
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Mon, 21 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Lakeside Software Lakeside Software systrack Lsiagent Installer
CPEs		cpe:2.3:a:lakeside_software:systrack_lsiagent_installer::::::::
Vendors & Products		Lakeside Software Lakeside Software systrack Lsiagent Installer
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 18 Oct 2024 16:30:00 +0000

Type	Values Removed	Values Added
Description		Lakeside Software’s SysTrack LsiAgent Installer version 10.7.8 for Windows contains a local privilege escalation vulnerability which allows attackers SYSTEM level access.
Title		Privilege Escalation to SYSTEM in Lakeside Software Installer
Weaknesses		CWE-379
References		https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2024/MNDT-2024-0009.md https://www.cve.org/CVERecord?id=CVE-2023-6080 https://www.lakesidesoftware.com/

Subscriptions

Lakeside Software Systrack Lsiagent Installer

Lakesidesoftware Systrack Lsiagent

MITRE

Status: PUBLISHED

Assigner: Mandiant

Published: 2024-10-18T16:09:48.316Z

Updated: 2026-04-01T16:11:03.466Z

Reserved: 2023-11-10T18:03:22.778Z

Link: CVE-2023-6080

Vulnrichment

Updated: 2024-10-21T20:45:11.632Z

NVD

Status : Modified

Published: 2024-10-18T17:15:12.353

Modified: 2025-03-17T16:15:19.670

Link: CVE-2023-6080

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object