CNNVD-202512-3790 Information

CNNVD ID

CNNVD-202512-3790

Related CVE

CVE-2023-53947

• CNNVD Published: 2025-12-19

Description (Chinese)

OCS Inventory NG是一套开源的IT资产管理解决方案。 OCS Inventory NG 2.3.0.0版本存在代码问题漏洞，该漏洞源于未加引号的服务路径，可能导致权限提升。

Description (English)

OCS Information NG is an open-source IT asset management solution. Version 2.3.0.0 of the OCS Information NG 2.3.0.0 has a code problem loophole, which originates from service paths with no quotation marks, which may lead to increased privileges.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

OCS Inventory NG

Published

2025-12-19

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/51389 https://www.vulncheck.com/advisories/ocs-inventory-ng-unquoted-service-path-privilege-escalation https://github.com/OCSInventory-NG/WindowsAgent https://access.redhat.com/security/cve/cve-2023-53947

Patch

https://github.com/OCSInventory-NG/WindowsAgent/releases