Vulnerabilities > CVE-2023-45883 - Unspecified vulnerability in Enghouse Qumu 2.0.0

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

enghouse

NVD

Published: 2023-10-19

Updated: 2023-10-27

Summary

A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM.

Vulnerable Configurations

Part	Description	Count
Application	Enghouse Enghouse Qumu 2.0.0	1
OS	Microsoft Microsoft Windows -	1

References

https://www.vidyo.com/enterprise-video-management/qumu
https://hackandpwn.com/disclosures/CVE-2023-45883.pdf