CVE-2023-28142 (GCVE-0-2023-28142)
Vulnerability from cvelistv5 – Published: 2023-04-18 15:51 – Updated: 2025-03-03 19:22
VLAI?
Summary
A Race Condition exists in the Qualys Cloud Agent for Windows
platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to
escalate privileges limited on the local machine during uninstallation of the
Qualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on
that asset to run arbitrary commands.
At the time of this disclosure, versions before 4.0 are classified as End
of Life.
Severity ?
6.7 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualys | Cloud Agent |
Affected:
3.1.3.34 , < 4.5.3.1
(custom)
|
Credits
Lockheed Martin Red Team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.qualys.com/security-advisories/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T19:52:01.326887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T19:22:08.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cloud Agent",
"vendor": "Qualys",
"versions": [
{
"lessThan": "4.5.3.1",
"status": "affected",
"version": " 3.1.3.34",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lockheed Martin Red Team"
}
],
"datePublic": "2023-04-18T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eA Race Condition exists in the Qualys Cloud Agent for Windows\nplatform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to\nescalate privileges limited on the local machine during uninstallation of the\nQualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on\nthat asset to run arbitrary commands.\u003cbr\u003e\n\u003cbr\u003e\nAt the time of this disclosure, versions before 4.0 are classified as End\nof Life.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\n\n\n\n\n\n"
}
],
"value": "\nA Race Condition exists in the Qualys Cloud Agent for Windows\nplatform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to\nescalate privileges limited on the local machine during uninstallation of the\nQualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on\nthat asset to run arbitrary commands.\n\n\n\nAt the time of this disclosure, versions before 4.0 are classified as End\nof Life.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Proof of Concept"
}
],
"value": "Proof of Concept"
}
],
"impacts": [
{
"capecId": "CAPEC-26",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-26 Leveraging Race Conditions"
}
]
},
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T15:51:58.344Z",
"orgId": "8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda",
"shortName": "Qualys"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.qualys.com/security-advisories/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to version\u0026nbsp;4.5.3.1 of the Qualys Cloud Agent for Windows"
}
],
"value": "Upgrade to version\u00a04.5.3.1 of the Qualys Cloud Agent for Windows"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Race Condition",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda",
"assignerShortName": "Qualys",
"cveId": "CVE-2023-28142",
"datePublished": "2023-04-18T15:51:58.344Z",
"dateReserved": "2023-03-10T21:23:28.797Z",
"dateUpdated": "2025-03-03T19:22:08.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qualys:cloud_agent:*:*:*:*:*:windows:*:*\", \"versionStartIncluding\": \"3.1.3.34\", \"versionEndExcluding\": \"4.5.3.1\", \"matchCriteriaId\": \"A3C649A1-257A-441A-A11B-33208739DABD\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"\\nA Race Condition exists in the Qualys Cloud Agent for Windows\\nplatform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to\\nescalate privileges limited on the local machine during uninstallation of the\\nQualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on\\nthat asset to run arbitrary commands.\\n\\n\\n\\nAt the time of this disclosure, versions before 4.0 are classified as End\\nof Life.\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\"}]",
"id": "CVE-2023-28142",
"lastModified": "2024-11-21T07:54:28.780",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"bugreport@qualys.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.0, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.0, \"impactScore\": 5.9}]}",
"published": "2023-04-18T16:15:09.153",
"references": "[{\"url\": \"https://www.qualys.com/security-advisories/\", \"source\": \"bugreport@qualys.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.qualys.com/security-advisories/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "bugreport@qualys.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"bugreport@qualys.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-362\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-362\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-28142\",\"sourceIdentifier\":\"bugreport@qualys.com\",\"published\":\"2023-04-18T16:15:09.153\",\"lastModified\":\"2024-11-21T07:54:28.780\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nA Race Condition exists in the Qualys Cloud Agent for Windows\\nplatform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to\\nescalate privileges limited on the local machine during uninstallation of the\\nQualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on\\nthat asset to run arbitrary commands.\\n\\n\\n\\nAt the time of this disclosure, versions before 4.0 are classified as End\\nof Life.\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"bugreport@qualys.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"bugreport@qualys.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qualys:cloud_agent:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"3.1.3.34\",\"versionEndExcluding\":\"4.5.3.1\",\"matchCriteriaId\":\"A3C649A1-257A-441A-A11B-33208739DABD\"}]}]}],\"references\":[{\"url\":\"https://www.qualys.com/security-advisories/\",\"source\":\"bugreport@qualys.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.qualys.com/security-advisories/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"platforms\": [\"Windows\"], \"product\": \"Cloud Agent\", \"vendor\": \"Qualys\", \"versions\": [{\"lessThan\": \"4.5.3.1\", \"status\": \"affected\", \"version\": \" 3.1.3.34\", \"versionType\": \"custom\"}]}], \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Lockheed Martin Red Team\"}], \"datePublic\": \"2023-04-18T16:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003c/p\u003e\u003cp\u003eA Race Condition exists in the Qualys Cloud Agent for Windows\\nplatform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to\\nescalate privileges limited on the local machine during uninstallation of the\\nQualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on\\nthat asset to run arbitrary commands.\u003cbr\u003e\\n\u003cbr\u003e\\nAt the time of this disclosure, versions before 4.0 are classified as End\\nof Life.\u003c/p\u003e\\n\\n\\n\\n\\n\\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\\n\\n\\n\\n\\n\\n\"}], \"value\": \"\\nA Race Condition exists in the Qualys Cloud Agent for Windows\\nplatform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to\\nescalate privileges limited on the local machine during uninstallation of the\\nQualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on\\nthat asset to run arbitrary commands.\\n\\n\\n\\nAt the time of this disclosure, versions before 4.0 are classified as End\\nof Life.\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\"}], \"exploits\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"Proof of Concept\"}], \"value\": \"Proof of Concept\"}], \"impacts\": [{\"capecId\": \"CAPEC-26\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-26 Leveraging Race Conditions\"}]}, {\"capecId\": \"CAPEC-233\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-233 Privilege Escalation\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"REQUIRED\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-362\", \"description\": \"CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda\", \"shortName\": \"Qualys\", \"dateUpdated\": \"2023-04-18T15:51:58.344Z\"}, \"references\": [{\"tags\": [\"vendor-advisory\"], \"url\": \"https://www.qualys.com/security-advisories/\"}], \"solutions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"Upgrade to version\u0026nbsp;4.5.3.1 of the Qualys Cloud Agent for Windows\"}], \"value\": \"Upgrade to version\\u00a04.5.3.1 of the Qualys Cloud Agent for Windows\"}], \"source\": {\"discovery\": \"EXTERNAL\"}, \"title\": \"Race Condition\", \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T12:30:24.555Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"vendor-advisory\", \"x_transferred\"], \"url\": \"https://www.qualys.com/security-advisories/\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-28142\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-10T19:52:01.326887Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-03T19:22:03.385Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2023-28142\", \"assignerOrgId\": \"8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"Qualys\", \"dateReserved\": \"2023-03-10T21:23:28.797Z\", \"datePublished\": \"2023-04-18T15:51:58.344Z\", \"dateUpdated\": \"2025-03-03T19:22:08.808Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…