CVE-2023-5136

MEDIUM | CVSS 5.5/10 | EPSS 0.25%

CVE-2023-5136 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file. EPSS estimates a 0.25% chance of exploitation in the next 30 days.

Description

An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.

Metrics

CVSS 3.1
5.5/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS Probability
0.25%

16.5th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor  Product                 Versions  Update
Ni      Topografix Data Plugin  2023
Ni      Diadem                  2014
Ni      Diadem                  2015
Ni      Diadem                  2017
Ni      Diadem                  2018
Ni      Diadem                  2019
Ni      Diadem                  2020
Ni      Diadem                  2021
Ni      Diadem                  2022      Q2
Ni      Diadem                  2023      Q2
Ni      Veristand               2013      Sp1
Ni      Veristand               2014
Ni      Veristand               2015
Ni      Veristand               2016
Ni      Veristand               2017
Ni      Veristand               2018
Ni      Veristand               2019
Ni      Veristand               2020
Ni      Veristand               2021
Ni      Veristand               2023      Q1
Ni      Flexlogger              2018      R1
Ni      Flexlogger              2019      R1
Ni      Flexlogger              2020      R1
Ni      Flexlogger              2021      R1
Ni      Flexlogger              2022      Q2
Ni      Flexlogger              2023      Q1

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2023-5136?
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.
How severe is CVE-2023-5136?
CVE-2023-5136 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.25% probability of exploitation in the next 30 days.
How do I fix CVE-2023-5136?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST