{"api_version":"1","generated_at":"2026-04-23T09:52:31+00:00","cve":"CVE-2023-28123","urls":{"html":"https://cve.report/CVE-2023-28123","api":"https://cve.report/api/cve/CVE-2023-28123.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-28123","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-28123"},"summary":{"title":"CVE-2023-28123","description":"A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later.","state":"PUBLIC","assigner":"support@hackerone.com","published_at":"2023-04-19 20:15:00","updated_at":"2023-05-01 20:25:00"},"problem_types":["CWE-732"],"metrics":[],"references":[{"url":"https://community.ui.com/releases/Security-Advisory-Bulletin-029-029/a47c68f2-1f3a-47c3-b577-eb70599644e4","name":"https://community.ui.com/releases/Security-Advisory-Bulletin-029-029/a47c68f2-1f3a-47c3-b577-eb70599644e4","refsource":"MISC","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-28123","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28123","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"28123","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ui","cpe5":"desktop","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2023-28123","ASSIGNER":"support@hackerone.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"UI Desktop for Windows","version":{"version_data":[{"version_value":"Fixed on Version 0.62.3 or later."}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Incorrect Permission Assignment for Critical Resource (CWE-732)"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://community.ui.com/releases/Security-Advisory-Bulletin-029-029/a47c68f2-1f3a-47c3-b577-eb70599644e4","url":"https://community.ui.com/releases/Security-Advisory-Bulletin-029-029/a47c68f2-1f3a-47c3-b577-eb70599644e4"}]},"description":{"description_data":[{"lang":"eng","value":"A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later."}]}},"nvd":{"publishedDate":"2023-04-19 20:15:00","lastModifiedDate":"2023-05-01 20:25:00","problem_types":["CWE-732"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ui:desktop:*:*:*:*:*:windows:*:*","versionEndExcluding":"0.62.3.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}