CVE-2023-20512

CVSS 3.1 Score 1.9 of 10 (low)

Details

Published Aug 13, 2024

Updated: Oct 30, 2024

CWE ID 798

Summary

CVE-2023-20512 is a newly identified cybersecurity vulnerability affecting the PMFW (Performance Management Facility for Windows) component. The issue arises from a hardcoded AES key, which if exploited by a privileged attacker, can grant unauthorized access to the key. This access could potentially lead to the leaking of internal debug information. The vulnerability poses a significant risk, as attackers with sufficient privileges can exploit this weakness to gain deeper insights into the system, potentially leading to further security breaches. Organizations using PMFW are strongly advised to apply the latest security patches to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database