Improper Access Rights in Spectrum Power 7 (All versions < V23Q3) Allows Arbitrary Code Injection and Privilege Escalation

Improper Access Rights in Spectrum Power 7 (All versions < V23Q3) Allows Arbitrary Code Injection and Privilege Escalation

CVE-2023-38557 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

Learn more about our Web Application Penetration Testing UK.