FKIE_CVE-2023-49321

Vulnerability from fkie_nvd - Published: 2023-11-27 00:15 - Updated: 2024-11-21 08:33
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.
References
cve@mitre.orghttps://www.withsecure.com/en/support/security-advisories/cve-2023-49321Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.withsecure.com/en/support/security-advisories/cve-2023-49321Vendor Advisory
Impacted products
Vendor Product Version
f-secure linux_protection 12.0
f-secure linux_security_64 12.0
linux linux_kernel -
f-secure atlant 1.0.35-1
f-secure client_security 15.00
f-secure elements_endpoint_protection *
f-secure email_and_server_security 15.00
f-secure server_security 15.00
microsoft windows -
f-secure client_security 15.00
f-secure elements_endpoint_protection *
apple macos -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1."
    },
    {
      "lang": "es",
      "value": "Ciertos productos WithSecure permiten una Denegaci\u00f3n de Servicio porque el escaneo de un archivo manipulado lleva mucho tiempo y hace que el esc\u00e1ner se cuelgue. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection for Mac 17 y posteriores, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, y WithSecure Atlant 1.0.35-1. "
    }
  ],
  "id": "CVE-2023-49321",
  "lastModified": "2024-11-21T08:33:14.090",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-27T00:15:07.280",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-49321"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.