Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.3
CVSSv3

CVE-2023-28141

Published: 18/04/2023 Updated: 28/04/2023
CVSS v3 Base Score: 6.3 | Impact Score: 5.2 | Exploitability Score: 1
VMScore: 0
Subscribe to Cloud Agent

Vulnerability Summary

An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions prior to 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows malicious users to assume the privileges of the process, and they may delete or otherwise on unauthorized files, allowing for the potential modification or deletion of sensitive files limited only to that specific directory/file object. This vulnerability is bounded to the time of installation/uninstallation and can only be exploited locally. At the time of this disclosure, versions prior to 4.0 are classified as End of Life.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qualys cloud agent

References

NVD-CWE-noinfohttps://www.qualys.com/security-advisories/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298CVE-2024-20356CVE-2023-21987CVE-2024-33217bypassCVE-2024-31804CVE-2024-32660unauthorizedSSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook