CVE-2023-4991
Published: 15 September 2023
Summary
CVE-2023-4991 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Quescom Nextbx Qwalerter. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Unquoted Path (T1574.009); ranked at the 40.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-54821
Vulnerability details
A vulnerability was found in NextBX QWAlerter 4.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file QWAlerter.exe. The manipulation leads to unquoted search path. It is possible to launch the attack…
more
on the local host. The identifier of this vulnerability is VDB-239804. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unquoted search path vulnerability (CWE-428) in QWAlerter.exe allows path interception by placing malicious executable in parent directory, directly enabling T1574.009 as stated in the advisory.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.