Vulnerability Details CVE-2023-25648
There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.4%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2023-25648
-
cpe:2.3:a:zte:zxcloud_irai:-
-
cpe:2.3:a:zte:zxcloud_irai:5.01.05
-
cpe:2.3:a:zte:zxcloud_irai:5.01.06
-
cpe:2.3:a:zte:zxcloud_irai:6.03.04
-
cpe:2.3:a:zte:zxcloud_irai:7.23.20