[Japanese] | |
JVNDB-2023-000014 | |
NEC PC Settings Tool vulnerable to missing authentication for critical function | |
Overview | |
PC Settings Tool is an application pre-installed on computers provided by NEC by default. PC Settings Tool Library contained in the application is vulnerable to missing authentication for critical function (CWE-306). | |
CVSS Severity (What is CVSS?) | |
CVSS V3 Severity:
Base Metrics 8.8 (High) [IPA Score]
CVSS V2 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
| |
Affected Products | |
The following versions of PC Settings Tool Library contained in PC Settings Tool are affected by this vulnerability. | |
NEC Corporation | |
PC Settings Tool is pre-installed on computers provided by NEC by default. For the details of the affected computer model numbers and/or product version numbers, refer to the information provided by the developer. | |
Impact | |
A general user of the computer which the affected product is installed may alter the registry with an administrative privilege. | |
Solution | |
[Update the Software] | |
Vendor Information | |
NEC Corporation | |
CWE (What is CWE?) | |
| |
CVE (What is CVE?) | |
| |
References | |
| |
Revision History | |
|
Date Public | 2023/02/10 |
Date First Published | 2023/02/10 |
Date Last Updated | 2024/06/10 |