CVE-2023-49114

MEDIUM

Qognify VMS Client Viewer >=7.1 - RCE

Title source: llm

Description

A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions are met.

References (2)

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2024/Mar/10

[Exploit, Third Party Advisory] https://r.sec-consult.com/qognify

Scores

CVSS v3 6.7

EPSS 0.0006

EPSS Percentile 17.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

hexagon/qognify_vms_client_viewer

Timeline

Published Feb 26, 2024

Tracked Since Feb 18, 2026