How severe is CVE-2023-43800?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2023-43800?

This is classified as CWE-345, which is a common weakness in software security.

CVE-2023-43800 - HIGH Severity | CVSS 7.8

Vulnerability Description

Arduino Create Agent is a package to help manage Arduino development. The vulnerability affects the endpoint `/v2/pkgs/tools/installed`. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduino Create Agent service via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this issue.

Related Vulnerabilities

CVE-2017-0563

HIGH

CVSS:7.8(High)

An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Crit...

CWE-3452017

CVE-2019-0805

HIGH

CVSS:7.8(High)

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE...

CWE-3452019

CVE-2019-10492

HIGH

CVSS:7.8(High)

Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD...

CWE-3452019

CVE-2019-18829

HIGH

CVSS:7.8(High)

Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Missing Support for Integrity Check. The Barco signed 'Clickshare_For_Windows.exe' binary on the ClickShare Button (R9861500D01) loads...

CWE-3452019

CVE-2020-14111

HIGH

CVSS:7.8(High)

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execu...

CWE-3452020

CVE-2020-26893

HIGH

CVSS:7.8(High)

An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3's helper too...

CWE-3452020