Description
A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions are met.
References (2)
Core References
Exploit, Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/10
Exploit, Third Party Advisory
https://r.sec-consult.com/qognify
Scores
CVSS v3: 6.7
EPSS: 0.0036
EPSS Percentile: 27.6%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-427
Status: published
Products (1)
hexagon/qognify_vms_client_viewer 7.1
Published: Feb 26, 2024
Tracked Since: Feb 18, 2026