{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T16:12:29.797","vulnerabilities":[{"cve":{"id":"CVE-2023-3181","sourceIdentifier":"cve-coordination@google.com","published":"2024-01-25T16:15:07.400","lastModified":"2025-08-14T14:52:30.797","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The C:\\Program Files (x86)\\Splashtop\\Splashtop Software Updater\\uninst.exe process creates a folder at C:\\Windows\\Temp~nsu.tmp and copies itself to it as Au_.exe. The C:\\Windows\\Temp~nsu.tmp\\Au_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI repair using Splashtop Streamer’s Windows Installer. Since the C:\\Windows\\Temp~nsu.tmp folder inherits permissions from C:\\Windows\\Temp and Au_.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges."},{"lang":"es","value":"El proceso C:\\Program Files (x86)\\Splashtop\\Splashtop Software Updater\\uninst.exe crea una carpeta en C:\\Windows\\Temp~nsu.tmp y se copia en ella como Au_.exe. El archivo C:\\Windows\\Temp~nsu.tmp\\Au_.exe se inicia automáticamente como SISTEMA cuando el sistema se reinicia o cuando un usuario estándar ejecuta una reparación de MSI utilizando el instalador de Windows de Splashtop Streamer. Dado que la carpeta C:\\Windows\\Temp~nsu.tmp hereda permisos de C:\\Windows\\Temp y Au_.exe es susceptible al secuestro de DLL, los usuarios estándar pueden escribirle una DLL maliciosa y elevar sus privilegios."}],"metrics":{"cvssMetricV31":[{"source":"cve-coordination@google.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"cve-coordination@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-379"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splashtop:mirroring360_receiver:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.0.1","matchCriteriaId":"6563A7D7-1B53-45F6-889E-5268473A0C1D"},{"vulnerable":true,"criteria":"cpe:2.3:a:splashtop:mirroring360_sender:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.0.0","matchCriteriaId":"3FCC4A5A-FA91-44A6-AEF7-AA7152924290"},{"vulnerable":true,"criteria":"cpe:2.3:a:splashtop:splashtop:*:*:*:*:business:*:*:*","versionEndExcluding":"3.5.6.0","matchCriteriaId":"746D321B-BF0D-48A9-98A0-82A5083902E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:splashtop:splashtop:*:*:*:*:personal:*:*:*","versionEndExcluding":"3.5.8.0","matchCriteriaId":"C45B532F-DE36-4E00-BF68-D03A44428D0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:splashtop:splashtop_for_rmm:*:*:*:*:*:*:*:*","versionEndExcluding":"3.5.8.0","matchCriteriaId":"444CA138-705C-433C-9D79-2A013D581464"},{"vulnerable":true,"criteria":"cpe:2.3:a:splashtop:streamer:*:*:*:*:-:windows:*:*","versionEndExcluding":"3.5.6.0","matchCriteriaId":"38D5C0BB-40D8-4E05-9C4C-297D2B047B3C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0015.md","source":"cve-coordination@google.com","tags":["Third Party Advisory"]},{"url":"https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0015.md","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}