CVE-2023-7093 | KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33 com.kylin.systemupgrade Service UpgradeStrategiesDbus.py SetDownloadspeedMax os command injection

A vulnerability classified as critical has been found in KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33. Affected is an unknown function of the file /usr/share/kylin-system-updater/SystemUpdater/UpgradeStrategiesDbus.py of the component com.kylin.systemupgrade Service. The manipulation of the argument SetDownloadspeedMax leads to os command injection.

This vulnerability is traded as CVE-2023-7093. The attack needs to be approached locally. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-7093 | KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33 com.kylin.systemupgrade Service UpgradeStrategiesDbus.py SetDownloadspeedMax os command injection

Related Posts

CVE-2024-23513 | PropertyHive Plugin up to 2.0.5 on WordPress deserialization

CVE-2024-41161 | Vonets VGA-1000 up to 3.3.23.6.9 hard-coded credentials (icsa-24-214-08)

CVE-2024-1922 | SourceCodester Online Job Portal 1.0 Manage Job Page /Employer/ManageJob.php Qualification/Description cross site scripting

CVE-2024-39517 | Juniper Networks Junos OS/Junos OS Evolved Layer 2 Address Learning Daemon unusual condition (JSA79175)