Insecure Operation on Windows Junction / Mount Point

CVE-2023-40623

Medium

6.2/10

Summary

SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system.

Attack Complexity: HIGH
Attack Vector: ADJACENT_NETWORK
Integrity Impact: LOW
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-1386 - Insecure Operation on Windows Junction / Mount Point

The software opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is outside of the intended control sphere.

References

Advisory Timeline

Published Sep 12, 2023

Insecure Operation on Windows Junction / Mount Point

CVE-2023-40623

Summary

CWE-1386 - Insecure Operation on Windows Junction / Mount Point

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS