Abstract Advisory Information


The software is prone to a DLL hijacking attack, allowing a user to trigger the execution of arbitrary code every time the product is executed.

Author: Dominique Righetto

Version affected


Name: REGIFY

Product: Regipay Client

Versions: 4.5.1.0

Common Vulnerability Scoring System


2.4

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Patches


4.5.2

References


Vulnerability Disclosure Timeline


  • 18/11/2023: Vulnerability discovery
  • 20/11/2023: Vulnerability reported to CERT-XLM
  • 21/11/2023: Review by CERT-XLM
  • 21/11/2023: Contact vendor over the phone
  • 21/11/2023: Vendor gave point of contact
  • 21/11/2023: Vulnerability report sent to the vendor
  • 21/11/2023: Acknowledgement from the vendor
  • 22/11/2023: Update from the vendor: Fix is ongoing
  • 28/11/2023: Updated vendor about publication
  • 12/12/2023: Update requested from the vendor
  • 18/12/2023: Vendor informed the vulnerability is fixed
  • 20/12/2023: CVE ID requested from MITRE
  • 22/12/2023: CVE ID assigned: CVE-2023-51711
  • 22/01/2024: Vulnerability disclosure