Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-28 | CVE-2023-5797 | Improper Privilege Management vulnerability in Zyxel products An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access the administrator’s logs on an affected device. | 5.5 |
| 2023-11-28 | CVE-2023-5960 | Improper Privilege Management vulnerability in Zyxel ZLD An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device. | 5.5 |
| 2023-11-28 | CVE-2023-37925 | Improper Privilege Management vulnerability in Zyxel products An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device. | 5.5 |
| 2023-11-28 | CVE-2023-5650 | Improper Privilege Management vulnerability in Zyxel ZLD An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to modify the URL of the registration page in the web GUI of an affected device. | 5.5 |
| 2023-11-16 | CVE-2023-44282 | Improper Privilege Management vulnerability in Dell Repository Manager Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. | 7.8 |
| 2023-11-16 | CVE-2023-44292 | Improper Privilege Management vulnerability in Dell Repository Manager Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. | 7.8 |
| 2023-11-16 | CVE-2023-6119 | Improper Privilege Management vulnerability in Trellix Getsusp An Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows a local, low privilege attacker to gain access to files that usually require a higher privilege level. | 7.8 |
| 2023-11-14 | CVE-2023-20563 | Improper Privilege Management vulnerability in AMD products Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. | 7.8 |
| 2023-11-14 | CVE-2023-20565 | Improper Privilege Management vulnerability in AMD products Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. | 7.8 |
| 2023-11-14 | CVE-2023-31273 | Improper Privilege Management vulnerability in Intel Data Center Manager Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 |