cve-2023-20084
Vulnerability from cvelistv5
Published
2023-11-22 17:09
Modified
2024-08-02 08:57
Severity ?
EPSS score ?
Summary
A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled.
References
▼ | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd | Issue Tracking, Vendor Advisory |
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Secure Endpoint |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:57:35.892Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-secure-endpoint-dos-RzOgFKnd", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Secure Endpoint", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "6.0.9" }, { "status": "affected", "version": "6.0.7" }, { "status": "affected", "version": "6.1.5" }, { "status": "affected", "version": "6.1.7" }, { "status": "affected", "version": "6.1.9" }, { "status": "affected", "version": "6.2.1" }, { "status": "affected", "version": "6.2.5" }, { "status": "affected", "version": "6.2.19" }, { "status": "affected", "version": "6.2.3" }, { "status": "affected", "version": "6.2.9" }, { "status": "affected", "version": "6.3.5" }, { "status": "affected", "version": "6.3.1" }, { "status": "affected", "version": "6.3.7" }, { "status": "affected", "version": "6.3.3" }, { "status": "affected", "version": "7.0.5" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.5" }, { "status": "affected", "version": "7.2.13" }, { "status": "affected", "version": "7.2.7" }, { "status": "affected", "version": "7.2.3" }, { "status": "affected", "version": "7.2.11" }, { "status": "affected", "version": "7.2.5" }, { "status": "affected", "version": "7.3.1" }, { "status": "affected", "version": "7.3.9" }, { "status": "affected", "version": "7.3.3" }, { "status": "affected", "version": "7.3.5" }, { "status": "affected", "version": "8.1.7" }, { "status": "affected", "version": "8.1.5" }, { "status": "affected", "version": "8.1.3.21242" }, { "status": "affected", "version": "8.1.7.21512" }, { "status": "affected", "version": "8.1.3" }, { "status": "affected", "version": "8.1.5.21322" }, { "status": "affected", "version": "8.1.7.21417" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-437", "description": "Incomplete Model of Endpoint Features", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T16:57:42.470Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-secure-endpoint-dos-RzOgFKnd", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd" } ], "source": { "advisory": "cisco-sa-secure-endpoint-dos-RzOgFKnd", "defects": [ "CSCwh78740" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20084", "datePublished": "2023-11-22T17:09:38.783Z", "dateReserved": "2022-10-27T18:47:50.334Z", "dateUpdated": "2024-08-02T08:57:35.892Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-20084\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2023-11-22T17:15:18.317\",\"lastModified\":\"2024-01-25T17:15:28.960\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el software de endpoint de Cisco Secure Endpoint para Windows podr\u00eda permitir que un atacante local autenticado evada la protecci\u00f3n del endpoint dentro de un per\u00edodo de tiempo limitado. Esta vulnerabilidad se debe a un problema de sincronizaci\u00f3n que ocurre entre varios componentes de software. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario para que coloque un archivo malicioso en una carpeta espec\u00edfica y luego persuadi\u00e9ndolo para que ejecute el archivo dentro de un per\u00edodo de tiempo limitado. Un exploit exitoso podr\u00eda permitir al atacante hacer que el software del terminal no ponga en cuarentena el archivo malicioso o finalice su proceso. Nota: Esta vulnerabilidad solo se aplica a implementaciones que tienen habilitada la funci\u00f3n Redirecci\u00f3n de carpetas de Windows.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.0,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.3,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-437\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"73BBFC84-0CBF-4A1A-BC85-58743828CB8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.0.7:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"9CBD2020-8CEC-4803-B8D0-8B8C051E3A17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.0.9:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"F61FA930-DE23-4BA5-B854-5E672534B14D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.1.5:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"0DB04EC8-AE2F-4186-B9C1-C36CA7B639AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.1.7:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"D6D13A24-5CE0-44CD-A6FC-E0656C5FC99A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.1.9:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"994F00AC-6728-455E-A785-65BBBE20C7CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.2.1:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"18C64C5D-0100-4350-9784-90A214CD6A7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.2.3:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"6C4D34D1-809E-4910-A23A-10DF0C1A6997\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.2.5:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"C373761A-45AD-49E7-BF7E-27B7043A2769\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.2.9:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"C8A3A132-D202-4E5D-B9C1-DAF2916008FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.2.19:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"A4E9E097-45BA-4009-AD4E-D8182E6068FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.3.1:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"42A92525-2605-455D-93A9-E4AF1995CCB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.3.3:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"10C46D21-DA26-46C6-9C1E-69A51D076210\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.3.5:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"7B56C363-A5B8-4F91-8414-4271D83E997D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.3.7:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"6615CB6A-6B26-4F16-BC9B-6E8DB80B0DC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.0.5:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"AF8AF3D2-0507-470E-B8EA-45D2427FAA58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.1.1:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"AB6D5375-A4F4-4B24-B377-AE8DDA898F2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.1.5:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"160F070E-CB81-4DA6-88D1-A01639B8D9D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.2.3:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"879BF746-BF6F-4E19-9543-06DB4190F3B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.2.5:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"3DCD32D3-5F52-45AC-952F-AED1DE87FDFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.2.7:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"4E9E10B5-D259-4E9D-8688-3A48970FC28A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.2.11:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"BE6734FD-FD35-4BD9-AE25-DA01D6B985E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.2.13:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"3C013C0C-C5E5-43A3-BFAB-7B92A86C6620\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.3.1:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"0CA4FD17-D6EE-4DBE-9F29-39D7AC67F6E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.3.3:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"E56295B4-219E-41FA-843C-A271DFC2D167\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.3.5:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"60B7C0C9-401D-4658-A683-22300A0007B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.3.9:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"1796BB1E-C26E-4394-A8C9-55D27A08367D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:8.1.3:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"D427238E-BFDC-4567-BAF8-C2DC5DDB3F6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:8.1.3.21242:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"C5309996-3287-4844-A116-12EFE751DB50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:8.1.5:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"53C0527C-79BB-4954-970F-04A06FBD13E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:8.1.5.21322:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"94EFBC3A-9EA8-4922-BAB2-BA4AE6CC5287\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:8.1.7:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"A9B45180-615C-40D4-A726-0B19EEEC1052\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:8.1.7.21417:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"65D971B4-FC73-458C-80AA-A3EA0BB7DFD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:8.1.7.21512:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"0CE68809-1B04-4C6D-AE6D-2AB8AE76DC5F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.0\",\"matchCriteriaId\":\"35AC2B5C-975C-47E3-BC8B-AFFBBE59ED6F\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.