0.59.1.71

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

NVD

Published: 2023-04-19

Updated: 2023-05-01

Summary

A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM.This vulnerability is fixed in Version 0.62.3 and later.

Vulnerable Configurations

Part	Description	Count
Application	Ui UI Desktop - UI Desktop 0.55.1.2 UI Desktop 0.55.3.17 UI Desktop 0.59.1.71	4

References

https://community.ui.com/releases/Security-Advisory-Bulletin-029-029/a47c68f2-1f3a-47c3-b577-eb70599644e4