CVE-2023-28141

An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows attackers to assume the privileges of the process, and they may delete or otherwise on unauthorized files, allowing for the potential modification or deletion of sensitive files limited only to that specific directory/file object. This vulnerability is bounded to the time of installation/uninstallation and can only be exploited locally. At the time of this disclosure, versions before 4.0 are classified as End of Life.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.qualys.com/security-advisories/	Vendor Advisory
https://www.qualys.com/security-advisories/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:qualys:cloud_agent:*:*:*:*:*:windows:*:*

History

21 Nov 2024, 07:54

Type	Values Removed	Values Added
References	~~() https://www.qualys.com/security-advisories/ - Vendor Advisory~~	() https://www.qualys.com/security-advisories/ - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~6.3~~	v2 : unknown v3 : 6.7

Information

Published : 2023-04-18 16:15

Updated : 2024-11-21 07:54

NVD link : CVE-2023-28141

Mitre link : CVE-2023-28141

CVE.ORG link : CVE-2023-28141

JSON object : View

Products Affected

qualys

cloud_agent

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

NVD-CWE-noinfo

{"id": "CVE-2023-28141", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "bugreport@qualys.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.0}]}, "published": "2023-04-18T16:15:09.087", "references": [{"url": "https://www.qualys.com/security-advisories/", "tags": ["Vendor Advisory"], "source": "bugreport@qualys.com"}, {"url": "https://www.qualys.com/security-advisories/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "bugreport@qualys.com", "description": [{"lang": "en", "value": "CWE-59"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "\nAn NTFS Junction condition exists in the Qualys Cloud Agent\nfor Windows platform in versions before 4.8.0.31. Attackers may write files to\narbitrary locations via a local attack vector. This allows attackers to assume\nthe privileges of the process, and they may delete or otherwise on unauthorized\nfiles, allowing for the potential modification or deletion of sensitive files\nlimited only to that specific directory/file object. This vulnerability is\nbounded to the time of installation/uninstallation and can only be exploited locally.\n\n\n\nAt the time of this disclosure, versions before 4.0 are\nclassified as End of Life.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"}], "lastModified": "2024-11-21T07:54:28.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qualys:cloud_agent:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "EA975AAE-08D4-4B1F-BA55-C9F55B32A93F", "versionEndExcluding": "4.8.0.31", "versionStartIncluding": "3.1.3.34"}], "operator": "OR"}]}], "sourceIdentifier": "bugreport@qualys.com"}