CVE-2023-2331 HIGH

CVE-2023-2331: Bypassing hardening via Unquoted Service path vulnerability

Vendor 42Gears
Product Surelock Windows
Weakness CWE-428
Published April 27, 2023
Last update January 30, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service (NixService.Exe) on Windows application will allows to insert arbitrary code into the service. This issue affects Surelock Windows : from 2.3.12 through 2.40.0.

Key dates

02Disclosure timeline

April 27, 2023 CVE published
January 30, 2025 Record updated