CVE-2023-38817

Published: Oct 11, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by Microsoft itself."

Affected (1)

Products: Echo: Anti Cheat Tool

1 product

Anti Cheat Tool

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Echo Anti Cheat Tool	Before 5.2.1.0

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://ioctl.fail/echo-ac-writeup/

Source: cve@mitre.org

ExploitThird Party Advisory

https://ioctl.fail/echo-ac-writeup/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.