CRITICAL🇵🇱 Wersja polska

CVE-2023-40501

CVSS 9.8v3.1pub. 2024-05-03upd. 2025-04-10

LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copyContent command. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19945.

🤖 AI Analysis
How it works

The vulnerability occurs in the implementation of the copyContent command, which exposes a dangerous function without appropriate access control mechanisms. An attacker can invoke this function remotely over the network without providing any credentials. This results in arbitrary code execution in the context of the SYSTEM account, which means the highest privilege level in the Windows operating system.

Impact

The attacker gains full control of the compromised system with SYSTEM privileges, enabling installation of malicious software, data theft, lateral movement in the network, and complete host takeover.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. It is also recommended to restrict network access to the LG Simple Editor application using a firewall to trusted hosts and monitor network traffic directed to this service.

Who is affected

LG Simple Editor — specific vulnerable versions are indicated in the manufacturer's references and in the Zero Day Initiative advisories (ZDI-23-1217)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Lg Simple Editor

    APP
    Lg
    3.21.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2023-40497CRITICAL9.8PL ✓ten sam produkt

LG Simple Editor — path traversal umożliwiający zdalny RCE jako SYSTEM

CVE-2023-40494CRITICAL9.1PL ✓ten sam produkt

LG Simple Editor — path traversal umożliwiający usunięcie dowolnych plików

CVE-2023-40493CRITICAL9.8PL ✓ten sam produkt

LG Simple Editor — path traversal umożliwiający RCE jako SYSTEM

CVE-2023-40492CRITICAL9.1PL ✓ten sam produkt

LG Simple Editor — path traversal umożliwiający usunięcie dowolnych plików

CVE-2023-40498CRITICAL9.8PL ✓ten sam produkt

LG Simple Editor: path traversal w komendzie cp umożliwia RCE jako SYSTEM