CVE-2023-0887 HIGH

CVE-2023-0887: phjounin TFTPD64-SE tftpd64_svc.exe unquoted search path

Vendor Phjounin
Product TFTPD64-SE
Weakness CWE-428
Published February 17, 2023
Last update March 12, 2025

CVSS base score

7.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The associated identifier of this vulnerability is VDB-221351.

Key dates

02Disclosure timeline

February 17, 2023 CVE published
March 12, 2025 Record updated