FKIE_CVE-2023-20084
Vulnerability from fkie_nvd - Published: 2023-11-22 17:15 - Updated: 2024-11-21 07:40
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
Summary
A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@cisco.com | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd | Issue Tracking, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "73BBFC84-0CBF-4A1A-BC85-58743828CB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.0.7:*:*:*:*:windows:*:*",
"matchCriteriaId": "9CBD2020-8CEC-4803-B8D0-8B8C051E3A17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.0.9:*:*:*:*:windows:*:*",
"matchCriteriaId": "F61FA930-DE23-4BA5-B854-5E672534B14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.1.5:*:*:*:*:windows:*:*",
"matchCriteriaId": "0DB04EC8-AE2F-4186-B9C1-C36CA7B639AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.1.7:*:*:*:*:windows:*:*",
"matchCriteriaId": "D6D13A24-5CE0-44CD-A6FC-E0656C5FC99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.1.9:*:*:*:*:windows:*:*",
"matchCriteriaId": "994F00AC-6728-455E-A785-65BBBE20C7CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.2.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "18C64C5D-0100-4350-9784-90A214CD6A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.2.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "6C4D34D1-809E-4910-A23A-10DF0C1A6997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.2.5:*:*:*:*:windows:*:*",
"matchCriteriaId": "C373761A-45AD-49E7-BF7E-27B7043A2769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.2.9:*:*:*:*:windows:*:*",
"matchCriteriaId": "C8A3A132-D202-4E5D-B9C1-DAF2916008FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.2.19:*:*:*:*:windows:*:*",
"matchCriteriaId": "A4E9E097-45BA-4009-AD4E-D8182E6068FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.3.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "42A92525-2605-455D-93A9-E4AF1995CCB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.3.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "10C46D21-DA26-46C6-9C1E-69A51D076210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.3.5:*:*:*:*:windows:*:*",
"matchCriteriaId": "7B56C363-A5B8-4F91-8414-4271D83E997D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.3.7:*:*:*:*:windows:*:*",
"matchCriteriaId": "6615CB6A-6B26-4F16-BC9B-6E8DB80B0DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.0.5:*:*:*:*:windows:*:*",
"matchCriteriaId": "AF8AF3D2-0507-470E-B8EA-45D2427FAA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.1.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "AB6D5375-A4F4-4B24-B377-AE8DDA898F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.1.5:*:*:*:*:windows:*:*",
"matchCriteriaId": "160F070E-CB81-4DA6-88D1-A01639B8D9D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.2.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "879BF746-BF6F-4E19-9543-06DB4190F3B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.2.5:*:*:*:*:windows:*:*",
"matchCriteriaId": "3DCD32D3-5F52-45AC-952F-AED1DE87FDFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.2.7:*:*:*:*:windows:*:*",
"matchCriteriaId": "4E9E10B5-D259-4E9D-8688-3A48970FC28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.2.11:*:*:*:*:windows:*:*",
"matchCriteriaId": "BE6734FD-FD35-4BD9-AE25-DA01D6B985E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.2.13:*:*:*:*:windows:*:*",
"matchCriteriaId": "3C013C0C-C5E5-43A3-BFAB-7B92A86C6620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.3.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "0CA4FD17-D6EE-4DBE-9F29-39D7AC67F6E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.3.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "E56295B4-219E-41FA-843C-A271DFC2D167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.3.5:*:*:*:*:windows:*:*",
"matchCriteriaId": "60B7C0C9-401D-4658-A683-22300A0007B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.3.9:*:*:*:*:windows:*:*",
"matchCriteriaId": "1796BB1E-C26E-4394-A8C9-55D27A08367D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "D427238E-BFDC-4567-BAF8-C2DC5DDB3F6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.3.21242:*:*:*:*:windows:*:*",
"matchCriteriaId": "C5309996-3287-4844-A116-12EFE751DB50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.5:*:*:*:*:windows:*:*",
"matchCriteriaId": "53C0527C-79BB-4954-970F-04A06FBD13E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.5.21322:*:*:*:*:windows:*:*",
"matchCriteriaId": "94EFBC3A-9EA8-4922-BAB2-BA4AE6CC5287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.7:*:*:*:*:windows:*:*",
"matchCriteriaId": "A9B45180-615C-40D4-A726-0B19EEEC1052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.7.21417:*:*:*:*:windows:*:*",
"matchCriteriaId": "65D971B4-FC73-458C-80AA-A3EA0BB7DFD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.7.21512:*:*:*:*:windows:*:*",
"matchCriteriaId": "0CE68809-1B04-4C6D-AE6D-2AB8AE76DC5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35AC2B5C-975C-47E3-BC8B-AFFBBE59ED6F",
"versionEndExcluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el software de endpoint de Cisco Secure Endpoint para Windows podr\u00eda permitir que un atacante local autenticado evada la protecci\u00f3n del endpoint dentro de un per\u00edodo de tiempo limitado. Esta vulnerabilidad se debe a un problema de sincronizaci\u00f3n que ocurre entre varios componentes de software. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario para que coloque un archivo malicioso en una carpeta espec\u00edfica y luego persuadi\u00e9ndolo para que ejecute el archivo dentro de un per\u00edodo de tiempo limitado. Un exploit exitoso podr\u00eda permitir al atacante hacer que el software del terminal no ponga en cuarentena el archivo malicioso o finalice su proceso. Nota: Esta vulnerabilidad solo se aplica a implementaciones que tienen habilitada la funci\u00f3n Redirecci\u00f3n de carpetas de Windows."
}
],
"id": "CVE-2023-20084",
"lastModified": "2024-11-21T07:40:31.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-22T17:15:18.317",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-437"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…