CVE-2022-43752 — HIGH (7.8)

Vulnerability Description

Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a malicious printer and double clicking on the the crafted printer's icon.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Common Desktop Environment Project	Common Desktop Environment	-
Oracle	Solaris	10

Related Weaknesses (CWE)

CWE-120

References

http://phrack.org/issues/70/13.html#articleExploitIssue TrackingTechnical Description
https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintcheckdir_intExploitThird Party Advisory
http://phrack.org/issues/70/13.html#articleExploitIssue TrackingTechnical Description
https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintcheckdir_intExploitThird Party Advisory

FAQ

What is CVE-2022-43752?

CVE-2022-43752 is a vulnerability with a CVSS score of 7.8 (HIGH). Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a malicio...

How severe is CVE-2022-43752?

CVE-2022-43752 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-43752?

Check the references section above for vendor advisories and patch information. Affected products include: Common Desktop Environment Project Common Desktop Environment, Oracle Solaris.