CVE-2023-49114

A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions are met.
References
Link Resource
http://seclists.org/fulldisclosure/2024/Mar/10 Exploit Mailing List Third Party Advisory
https://r.sec-consult.com/qognify Exploit Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/10 Exploit Mailing List Third Party Advisory
https://r.sec-consult.com/qognify Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:hexagon:qognify_vms_client_viewer:*:*:*:*:*:*:*:*

History

25 Apr 2025, 19:40

Type Values Removed Values Added
CPE cpe:2.3:a:hexagon:qognify_vms_client_viewer:*:*:*:*:*:*:*:*
First Time Hexagon qognify Vms Client Viewer
Hexagon
References () http://seclists.org/fulldisclosure/2024/Mar/10 - () http://seclists.org/fulldisclosure/2024/Mar/10 - Exploit, Mailing List, Third Party Advisory
References () https://r.sec-consult.com/qognify - () https://r.sec-consult.com/qognify - Exploit, Third Party Advisory

13 Feb 2025, 18:15

Type Values Removed Values Added
Summary (en) A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions are met. (en) A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions are met.

21 Nov 2024, 08:32

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2024/Mar/10 - () http://seclists.org/fulldisclosure/2024/Mar/10 -
References () https://r.sec-consult.com/qognify - () https://r.sec-consult.com/qognify -

14 Aug 2024, 15:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.7

03 Mar 2024, 03:15

Type Values Removed Values Added
Summary
  • (es) Se identificó una vulnerabilidad de secuestro de DLL en Qognify VMS Client Viewer versión 7.1 o superior, que permite a los usuarios locales ejecutar código arbitrario y obtener mayores privilegios mediante la colocación cuidadosa de un DLL malicioso, si se cumplen algunas condiciones previas específicas.
References
  • () http://seclists.org/fulldisclosure/2024/Mar/10 -

26 Feb 2024, 16:32

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-26 16:27

Updated : 2025-04-25 19:40


NVD link : CVE-2023-49114

Mitre link : CVE-2023-49114

CVE.ORG link : CVE-2023-49114


JSON object : View

Products Affected

hexagon

  • qognify_vms_client_viewer
CWE
CWE-427

Uncontrolled Search Path Element