CVE-2023-29446

Description

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.

CVSS Version 3.1

nvd
CVE ID: CVE-2023-29446
Base Score: 4.7
Base Severity: MEDIUM
Vector String:CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 1.0

dragos
CVE ID: CVE-2023-29446
Base Score: 4.7
Base Severity: MEDIUM
Vector String:CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 1.0

Refrence: NVD MITRE

Description​

Description