
CVE-2023-7093 | KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33 com.kylin.systemupgrade Service UpgradeStrategiesDbus.py SetDownloadspeedMax os command injection

Çağlar Arlı

A vulnerability classified as critical has been found in KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33. It affects an unknown function in the file /usr/share/kylin-system-updater/SystemUpdater/UpgradeStrategiesDbus.py of the component com.kylin.systemupgrade Service. Manipulating the argument SetDownloadspeedMax leads to OS command injection. The vulnerability is tracked as CVE-2023-7093. The attack must be carried out locally, and an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.