An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component. NOTE: Heimdal argues that the limitation described here is a Microsoft Windows issue, not a Heimdal specific vulnerability. The USB control solution by Heimdal is meant to manage Microsoft Windows native USB restrictions. They maintain that their solution functions as a management layer over Windows settings and is not to blame for limitations in Windows' detection capabilities.
References
Link | Resource |
---|---|
https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93 | Exploit Third Party Advisory |
Configurations
History
25 Sep 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component. NOTE: Heimdal argues that the limitation described here is a Microsoft Windows issue, not a Heimdal specific vulnerability. The USB control solution by Heimdal is meant to manage Microsoft Windows native USB restrictions. They maintain that their solution functions as a management layer over Windows settings and is not to blame for limitations in Windows' detection capabilities. |
29 Dec 2023, 02:20
Type | Values Removed | Values Added |
---|---|---|
First Time |
Heimdalsecurity thor
Apple Heimdalsecurity Microsoft windows Apple macos Microsoft |
|
References | () https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93 - Exploit, Third Party Advisory | |
CPE | cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:heimdalsecurity:thor:*:*:*:*:*:*:*:* |
|
CWE | CWE-1333 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
21 Dec 2023, 02:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-21 01:15
Updated : 2024-09-25 20:15
NVD link : CVE-2023-29486
Mitre link : CVE-2023-29486
CVE.ORG link : CVE-2023-29486
JSON object : View
Products Affected
apple
- macos
microsoft
- windows
heimdalsecurity
- thor
CWE
CWE-1333
Inefficient Regular Expression Complexity