Medium severity5.3NVD Advisory· Published Dec 25, 2023· Updated Jun 17, 2026
CVE-2023-7093
CVE-2023-7093
Description
A vulnerability classified as critical has been found in KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33. Affected is an unknown function of the file /usr/share/kylin-system-updater/SystemUpdater/UpgradeStrategiesDbus.py of the component com.kylin.systemupgrade Service. The manipulation of the argument SetDownloadspeedMax leads to os command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248940. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Affected products
2- Range: <=2.0.5.16-0k2.33
- KylinSoft/kylin-system-updaterv5Range: 2.0.5.16-0k2.0
Patches
Vulnerability mechanics
References
3- vuldb.comnvdPermissions RequiredThird Party AdvisoryVDB Entry
- vuldb.comnvdPermissions RequiredThird Party AdvisoryVDB Entry
- note.zhaoj.in/share/L1hGe9BDlbntnvdBroken Link
News mentions
0No linked articles in our index yet.