CVE-2023-34642

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
kiowarekioware
𝑥
≤ 8.33
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/huntergregal/CVE/tree/main/CVE-2023-34642
https://github.com/huntergregal/CVE/tree/main/TBD-KIOWARE-002
https://www.kioware.com/versionhistory.aspx?pid=15
https://github.com/huntergregal/CVE/tree/main/CVE-2023-34642
https://github.com/huntergregal/CVE/tree/main/TBD-KIOWARE-002
https://www.kioware.com/versionhistory.aspx?pid=15