CVE-2023-24671: VX Search 13.8 Unquoted Service Path ≈ Packet Storm

Executive Summary:Product Name: VX SearchVendor Home Page:  https://www.vxsearch.com/Affected Version(s): VX Search v13.8Fixed Version: all versions later v13.8Vulnerability Type: Unquoted Search Path (CWE-428)CVE Reference: CVE-2023-24671Credit: Thurein SoeVendor Description:VX Search is an automated, rule-based file search solution allowing one tosearch files by file type, category, file name, size, location, extension,regular expressions, text and binary patterns.Vulnerability description:VX Search v13.8 was discovered to contain an unquoted service pathvulnerability which allows attackers to execute arbitrary commands.However, this could not lead to a fully local privilege escalation attack.