How severe is CVE-2023-28140?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2023-28140?

This is classified as CWE-427, which is a common weakness in software security.

CVE-2023-28140 - HIGH Severity | CVSS 7

Vulnerability Description

An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library (DLL) via a local attack vector instead of the DLL that the application was expecting, when processes are running with escalated privileges. This vulnerability is bounded only to the time of uninstallation and can only be exploited locally. At the time of this disclosure, versions before 4.0 are classified as End of Life.

Related Vulnerabilities

CVE-2017-5176

HIGH

CVSS:7.0(High)

A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench (CCW). The following versions are affected: Connected Components Workbench - Developer Edition, v9.01.00 and ear...

CWE-4272017

CVE-2017-6051

HIGH

CVSS:7.0(High)

An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may al...

CWE-4272017

CVE-2017-9661

HIGH

CVSS:7.0(High)

An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. The uncontrolled search path element vulnerability has been identified, which may allow...

CWE-4272017

CVE-2018-5457

HIGH

CVSS:7.0(High)

A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vul...

CWE-4272018

CVE-2019-14688

HIGH

CVSS:7.0(High)

Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a n...

CWE-4272019

CVE-2019-19235

HIGH

CVSS:7.0(High)

AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular pat...

CWE-4272019