Vulnerabilities > CVE-2023-1164 - Incorrect Authorization vulnerability in Kylinos Kylin OS

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

kylinos

CWE-863

NVD

Published: 2023-03-03

Updated: 2024-04-11

Summary

A vulnerability was found in KylinSoft kylin-activation on KylinOS and classified as critical. Affected by this issue is some unknown functionality of the component File Import. The manipulation leads to improper authorization. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.11-23 and 1.30.10-5.p23 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222260.

Vulnerable Configurations

Part	Description	Count
OS	Kylinos Kylinos Kylin OS *	2

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://vuldb.com/?ctiid.222260
https://vuldb.com/?id.222260
https://github.com/i900008/vulndb/blob/main/kylin-activation_vuln.md