How severe is CVE-2023-27362?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2023-27362?

This is classified as CWE-427, which is a common weakness in software security.

CVE-2023-27362 - HIGH Severity | CVSS 7

Vulnerability Description

3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20026.

Related Vulnerabilities

CVE-2017-5176

HIGH

CVSS:7.0(High)

A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench (CCW). The following versions are affected: Connected Components Workbench - Developer Edition, v9.01.00 and ear...

CWE-4272017

CVE-2017-6051

HIGH

CVSS:7.0(High)

An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may al...

CWE-4272017

CVE-2017-9661

HIGH

CVSS:7.0(High)

An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. The uncontrolled search path element vulnerability has been identified, which may allow...

CWE-4272017

CVE-2018-5457

HIGH

CVSS:7.0(High)

A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vul...

CWE-4272018

CVE-2019-14688

HIGH

CVSS:7.0(High)

Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a n...

CWE-4272019

CVE-2019-19235

HIGH

CVSS:7.0(High)

AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular pat...

CWE-4272019