CVE-2023-28123

Summary

A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later.

Affected Software

VendorProductVersion RangeStatus
n/aUI Desktop for WindowsFixed on Version 0.62.3 or later.affected

Weaknesses

  • CWE-732: Incorrect Permission Assignment for Critical Resource (CWE-732)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References