CVE-2023-49312

Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://precisionbridge.net/738vulnerability	Exploit Third Party Advisory
https://processhacker.sourceforge.io/archive/website_v2/features.php	Not Applicable

Configurations

Configuration 1 (hide)

cpe:2.3:a:precisionbridge:precision_bridge:*:*:*:*:*:*:*:*

History

30 Nov 2023, 21:30

Type	Values Removed	Values Added
References	~~() https://precisionbridge.net/738vulnerability -~~	() https://precisionbridge.net/738vulnerability - Exploit, Third Party Advisory
References	~~() https://processhacker.sourceforge.io/archive/website_v2/features.php -~~	() https://processhacker.sourceforge.io/archive/website_v2/features.php - Not Applicable
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.1
First Time		Precisionbridge Precisionbridge precision Bridge
CPE		cpe:2.3:a:precisionbridge:precision_bridge::::::::
CWE		CWE-295

26 Nov 2023, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-26 22:15

Updated : 2023-12-10 15:26

NVD link : CVE-2023-49312

Mitre link : CVE-2023-49312

CVE.ORG link : CVE-2023-49312

JSON object : View

Products Affected

precisionbridge

precision_bridge

CWE

CWE-295

Improper Certificate Validation

9.1 /10