Creation of Temporary File in Directory with Insecure Permissions

CVE-2023-6080

High

7.8/10

Summary

Lakeside Software’s SysTrack LsiAgent Installer version 10.7.8 for Windows contains a local privilege escalation vulnerability which allows attackers SYSTEM level access.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-379 - Creation of Temporary File in Directory with Insecure Permissions

The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.

References

Advisory Timeline

Published Oct 18, 2024

Creation of Temporary File in Directory with Insecure Permissions

CVE-2023-6080

Summary

CWE-379 - Creation of Temporary File in Directory with Insecure Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS