CVE-2023-41783

Description

There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.

CVSS Version 3.1

nvd
CVE ID: CVE-2023-41783
Base Score: 7.8
Base Severity: HIGH
Vector String:CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.8

zte.com
CVE ID: CVE-2023-41783
Base Score: 4.3
Base Severity: MEDIUM
Vector String:CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Impact Score: 3.4
Exploitability Score: 0.9

Refrence: NVD MITRE

Description​

Description