CVE-2023-7025 - OpenCVE

A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kylinos	Hedron-domain-hook

Configuration 1 [-]

cpe:2.3:a:kylinos:hedron-domain-hook:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://note.zhaoj.in/share/B05NqMPvEqoU
https://vuldb.com/?ctiid.248578
https://vuldb.com/?id.248578

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-12-21T03:00:05.997Z

Updated: 2024-08-02T08:50:07.595Z

Reserved: 2023-12-20T17:48:39.593Z

Link: CVE-2023-7025

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-21T03:15:07.857

Modified: 2024-05-17T02:34:03.957

Link: CVE-2023-7025

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-7025", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-12-20T17:48:39.593Z", "datePublished": "2023-12-21T03:00:05.997Z", "dateUpdated": "2024-08-02T08:50:07.595Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-02-13T07:29:31.478Z"}, "title": "KylinSoft hedron-domain-hook DBus init_kcm access control", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Controls"}]}], "affected": [{"vendor": "KylinSoft", "product": "hedron-domain-hook", "versions": [{"version": "3.8.0.12-0k0.0", "status": "affected"}, {"version": "3.8.0.12-0k0.1", "status": "affected"}, {"version": "3.8.0.12-0k0.2", "status": "affected"}, {"version": "3.8.0.12-0k0.3", "status": "affected"}, {"version": "3.8.0.12-0k0.4", "status": "affected"}, {"version": "3.8.0.12-0k0.5", "status": "affected"}], "modules": ["DBus Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In KylinSoft hedron-domain-hook bis 3.8.0.12-0k0.5 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion init_kcm der Komponente DBus Handler. Dank der Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.8, "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C"}}], "timeline": [{"time": "2023-12-20T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-12-20T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-12-20T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-01-13T18:05:48.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "glzjin (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.248578", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.248578", "tags": ["signature", "permissions-required"]}, {"url": "https://note.zhaoj.in/share/B05NqMPvEqoU", "tags": ["broken-link", "exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:50:07.595Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.248578", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.248578", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://note.zhaoj.in/share/B05NqMPvEqoU", "tags": ["broken-link", "exploit", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kylinos:hedron-domain-hook:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BD5F9AD-A8F4-44EB-AF10-B2CBBCA99CFB", "versionEndIncluding": "3.8.0.12-0k0.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en KylinSoft hedron-domain-hook hasta 3.8.0.12-0k0.5. Ha sido declarado cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n init_kcm del componente DBus Handler. La manipulaci\u00f3n conduce a controles de acceso inadecuados. Es requerido atacar localmente. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-248578 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 al proveedor r\u00e1pidamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna forma."}], "id": "CVE-2023-7025", "lastModified": "2024-05-17T02:34:03.957", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-12-21T03:15:07.857", "references": [{"source": "cna@vuldb.com", "tags": ["Broken Link"], "url": "https://note.zhaoj.in/share/B05NqMPvEqoU"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.248578"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.248578"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "cna@vuldb.com", "type": "Secondary"}]}