CVE-2024-0833

{"id": "CVE-2024-0833", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security@progress.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.1}]}, "published": "2024-01-31T16:15:46.600", "references": [{"url": "https://docs.telerik.com/teststudio/knowledge-base/product-notices-kb/legacy-installer-vulnerability", "tags": ["Vendor Advisory"], "source": "security@progress.com"}, {"url": "https://www.telerik.com/teststudio", "tags": ["Product"], "source": "security@progress.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "security@progress.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "In Telerik Test Studio versions prior to \n\nv2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component.\u00a0 In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system."}, {"lang": "es", "value": "En las versiones de Telerik Test Studio anteriores a la v2023.3.1330, se identific\u00f3 una vulnerabilidad de elevaci\u00f3n de privilegios en el componente del instalador de aplicaciones. En un entorno donde existe una instalaci\u00f3n de Telerik Test Studio, un usuario con privilegios bajos tiene la capacidad de manipular el paquete de instalaci\u00f3n para elevar sus privilegios en el sistema operativo subyacente."}], "lastModified": "2024-02-09T17:05:04.153", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:progress:telerik_test_studio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57245635-375B-4EEB-9881-E9B20FD2F37F", "versionEndExcluding": "2023.3.1330"}], "operator": "OR"}]}], "sourceIdentifier": "security@progress.com"}