CVE-2023-38817
published 2023-10-11CVE-2023-38817: An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the…
PriorityP278high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
0.45%
36.0th percentile
An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by Microsoft itself."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| echo | anti_cheat_tool | < 5.2.1.0 | 5.2.1.0 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5949-v5hq-vggr: An issue in Inspect Element Ltd Echo
ghsa_unreviewed·2023-10-11
CVE-2023-38817 [HIGH] CWE-269 GHSA-5949-v5hq-vggr: An issue in Inspect Element Ltd Echo
An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component.
VulnCheck
echo anti_cheat_tool Improper Privilege Management
vulncheck·2023·CVSS 7.8
CVE-2023-38817 [HIGH] echo anti_cheat_tool Improper Privilege Management
echo anti_cheat_tool Improper Privilege Management
An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by Microsoft itself."
Affected: echo anti_cheat_tool
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://news.sophos.com/en-us/2024/09/10/crimson-palace-new-tools-tactics-targets/
Exploit PoC: https://vulncheck.com/xdb/f7b4b4265efb
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-10-11
Published
Exploited in the wild