Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5455 vulnerabilities reference this CWE, most recent first.

CVE-2024-6325 (GCVE-0-2024-6325)

Vulnerability from cvelistv5 – Published: 2024-07-16 16:43 – Updated: 2024-08-01 21:33
VLAI
Title
Rockwell Automation Unsecured Private Keys in FactoryTalk® System Services
Summary
The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  and CVE-2022-1161. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Date Public
2024-07-11 13:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6325",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-16T18:04:54.518272Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-17T15:47:32.018Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:33:05.423Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FactoryTalk\u00ae System Services (installed via FTPM)",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "6.40"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FactoryTalk\u00ae Policy Manager (FTPM)",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "v6.40"
            }
          ]
        }
      ],
      "datePublic": "2024-07-11T13:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe v6.40 release of Rockwell Automation FactoryTalk\u00ae Policy Manager\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u0026nbsp;allowed \u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethe private keys to be insecurely stored with read and execute privileges for the Windows group, \u2018Everyone\u2019. These keys are used to generate digital certificates and pre-shared keys. This vulnerability could allow a malicious user with access to the machine to obtain private keys. If obtained, a malicious user could impersonate resources on the secured network. \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eFor customers\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;using FactoryTalk\u00ae Policy Manager v6.40 who mitigated\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u0026nbsp;\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html\"\u003eCVE-2021-22681\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html\"\u003eCVE-2022-1161\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;by implementing CIP security and did not update to the versions of the software\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u0026nbsp;\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethat contain the remediation, this vulnerability could allow a threat actor to exploit \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html\"\u003eCVE-2022-1161\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html\"\u003eCVE-2022-1161.\u003c/a\u003e\n\n"
            }
          ],
          "value": "The v6.40 release of Rockwell Automation FactoryTalk\u00ae Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html \u00a0and  CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html \u00a0by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html \u00a0and  CVE-2022-1161. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-122",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-122 Privilege Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-16T16:43:44.494Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1678.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eUsers using the affected software are encouraged to implement the following steps to invalidate the existing vulnerable private keys/digital certificates and regenerate new secure ones.\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; Clear CIP Security configurations from devices and from FactoryTalk\u00ae Policy Manager\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; Update FactoryTalk\u00ae System Services and FactoryTalk\u00ae Policy Manager to v6.40.01\u003c/p\u003e\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; Redeploy CIP Security Policy \u003c/p\u003e\u003cp\u003eDetailed steps are below \u003cb\u003e(FactoryTalk System Services (FTSS) is updated through the installation of FactoryTalk Policy Manager (FTPM)\u003c/b\u003e\u003c/p\u003e\u003cp\u003e1) \u0026nbsp; \u0026nbsp;  Remove deployed security policy from all devices using FactoryTalk\u00ae Policy Manager (FTPM):\u003c/p\u003e\u003cp\u003ea. \u0026nbsp; \u0026nbsp; \u0026nbsp; Open FTPM.\u003c/p\u003e\u003cp\u003eb. \u0026nbsp; \u0026nbsp; \u0026nbsp; Document all Zone\u2019s security settings and all Conduit\u2019s settings as you must re-create them after updating FTPM.\u003c/p\u003e\u003cp\u003ec. \u0026nbsp; \u0026nbsp; \u0026nbsp; Change all devices port\u2019s Policies \u0026gt; Zone values to the \u201cUnassigned\u201d Zone.\u003c/p\u003e\u003cp\u003ed. \u0026nbsp; \u0026nbsp; \u0026nbsp; Delete all zones and conduits.\u003c/p\u003e\u003cp\u003ee. \u0026nbsp; \u0026nbsp; \u0026nbsp; Deploy (CIP).  Ensure that all endpoints were reset successfully.\u003c/p\u003e\u003cp\u003ef. \u0026nbsp; \u0026nbsp; \u0026nbsp;  [migrating from v6.40 only] Deploy (OPC UA).  Ensure all endpoints were reset successfully.\u003c/p\u003e\u003cp\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;  i. \u0026nbsp; \u0026nbsp;  For any OPC UA clients, perform whatever steps are required by those clients to remove the previously applied certificates.\u003c/p\u003e\u003cp\u003eg. \u0026nbsp; \u0026nbsp; \u0026nbsp; Close FTPM\u003c/p\u003e\u003cp\u003e2) \u0026nbsp; \u0026nbsp;  Delete the \\FTSS_backup folder:\u003c/p\u003e\u003cp\u003ea. \u0026nbsp; \u0026nbsp; \u0026nbsp; c:\\ProgramData\\Rockwell\\RNAServer\\Global\\RnaStore\\FTSS_Backup\u003c/p\u003e\u003cp\u003e3) \u0026nbsp; \u0026nbsp;  Delete the \\keystore folder:\u003c/p\u003e\u003cp\u003ea. \u0026nbsp; \u0026nbsp; \u0026nbsp; c:\\ProgramData\\Rockwell Automation\\FactoryTalk System Services\\keystore\u003c/p\u003e\u003cp\u003e4) \u0026nbsp; \u0026nbsp;  Delete any backup copies of the \\keystore folder.  They will be named the same as the \\keystore folder but with a suffix appended to it, like:\u003c/p\u003e\u003cp\u003ea. \u0026nbsp; \u0026nbsp; \u0026nbsp; c:\\ProgramData\\Rockwell Automation\\FactoryTalk System Services\\ keystore_source_2024_04_25_12_25_38_541566\u003c/p\u003e\u003cp\u003e5) \u0026nbsp; \u0026nbsp;  Delete the PSKs.json file:\u003c/p\u003e\u003cp\u003ea. \u0026nbsp; \u0026nbsp; \u0026nbsp; c:\\ProgramData\\Rockwell Automation\\FactoryTalk System Services\\PSKs.json\u003c/p\u003e\u003cp\u003e6) \u0026nbsp; \u0026nbsp;  Delete any backup copies of the PSKs.json file.  They will be named the same as the PSKs.json file but with a suffix appended to it, like:\u003c/p\u003e\u003cp\u003ea. \u0026nbsp; \u0026nbsp; \u0026nbsp; c:\\ProgramData\\Rockwell Automation\\FactoryTalk System Services\\ PSKs.json_source_2024_05_17_07_38_25_200356\u003c/p\u003e\u003cp\u003e7) \u0026nbsp; \u0026nbsp;  Install FactoryTalk\u00ae Policy Manager version 6.40.01.\u003c/p\u003e\u003cp\u003ea. \u0026nbsp; \u0026nbsp; \u0026nbsp; Restart the computer when prompted at the end of the install.\u003c/p\u003e\u003cp\u003e8) \u0026nbsp; \u0026nbsp;  Open FTPM.  FTPM will attempt to connect to the FactoryTalk\u00ae System Services web server before proceeding.\u003c/p\u003e\u003cp\u003e9) \u0026nbsp; \u0026nbsp;  If FTPM could not successfully connect to FactoryTalk\u00ae System Services (FTSS), it is because the FTSS service hasn\u2019t started yet.  It will eventually start or else you can start the FTSS service manually in Windows Services.\u003c/p\u003e\u003cp\u003e10) \u0026nbsp; Re-create the original Zones.\u003c/p\u003e\u003cp\u003e11) \u0026nbsp; Move the devices from the unassigned Zone back to their original zones.\u003c/p\u003e\u003cp\u003e12) \u0026nbsp; Re-create the original Conduits.\u003c/p\u003e\u003cp\u003e13) \u0026nbsp; Deploy (CIP endpoints).\u003c/p\u003e\u003cp\u003e14) \u0026nbsp; [migrating from v6.40 only] Deploy (OPC UA endpoints).\u003c/p\u003e\u003cp\u003ea. \u0026nbsp; \u0026nbsp; \u0026nbsp; For any OPC UA client endpoints, manually apply the newly generated certificates from this deploy.\u003c/p\u003e\u003cp\u003eAdditionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.\u003c/p\u003e\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Users using the affected software are encouraged to implement the following steps to invalidate the existing vulnerable private keys/digital certificates and regenerate new secure ones.\n\n Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
        }
      ],
      "source": {
        "advisory": "SD1678",
        "discovery": "INTERNAL"
      },
      "title": "Rockwell Automation Unsecured Private Keys in FactoryTalk\u00ae System Services",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2024-6325",
    "datePublished": "2024-07-16T16:43:44.494Z",
    "dateReserved": "2024-06-25T15:13:41.907Z",
    "dateUpdated": "2024-08-01T21:33:05.423Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6240 (GCVE-0-2024-6240)

Vulnerability from cvelistv5 – Published: 2024-06-21 13:33 – Updated: 2024-08-01 21:33
VLAI
Title
Improper privilege management vulnerability in Parallels Desktop
Summary
Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application startup. An attacker could exploit this vulnerability to escalate privileges on the system.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Parallels Parallels Desktop Affected: 0 , < 19.3.0 (custom)
Create a notification for this product.
parallels parallels_desktop Affected: 0 , < 19.3.0 (custom)
    cpe:2.3:a:parallels:parallels_desktop:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-06-21 10:00
Credits
Carlos Polop Martín
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:parallels:parallels_desktop:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "parallels_desktop",
            "vendor": "parallels",
            "versions": [
              {
                "lessThan": "19.3.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6240",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T14:46:56.727537Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T14:49:13.000Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:33:05.241Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/improper-privilege-management-vulnerability-parallels-desktop"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Parallels Desktop",
          "vendor": "Parallels",
          "versions": [
            {
              "lessThan": "19.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Carlos Polop Mart\u00edn"
        }
      ],
      "datePublic": "2024-06-21T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": " Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application startup. An attacker could exploit this vulnerability to escalate privileges on the system."
            }
          ],
          "value": "Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application startup. An attacker could exploit this vulnerability to escalate privileges on the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T13:33:53.197Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/improper-privilege-management-vulnerability-parallels-desktop"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been fixed by the manufacturer Parallels in version 19.3.0."
            }
          ],
          "value": "The vulnerability has been fixed by the manufacturer Parallels in version 19.3.0."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Improper privilege management vulnerability in Parallels Desktop",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2024-6240",
    "datePublished": "2024-06-21T13:33:53.197Z",
    "dateReserved": "2024-06-21T06:53:37.612Z",
    "dateUpdated": "2024-08-01T21:33:05.241Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5909 (GCVE-0-2024-5909)

Vulnerability from cvelistv5 – Published: 2024-06-12 16:29 – Updated: 2024-08-01 21:25
VLAI
Title
Cortex XDR Agent: Local Windows User Can Disable the Agent
Summary
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Vendor Product Version
Palo Alto Networks Cortex XDR Agent Unaffected: 8.4.0
Unaffected: 8.3.0
Affected: 8.2.0 , < 8.2.1 (custom)
Affected: 8.1.0 , < 8.1.2 (custom)
Affected: 7.9-CE , < 7.9.102-CE (custom)
Create a notification for this product.
Date Public
2024-06-12 07:00
Credits
Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5909",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T19:51:54.433806Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T19:52:05.711Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:25:03.192Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2024-5909"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "8.4.0"
            },
            {
              "status": "unaffected",
              "version": "8.3.0"
            },
            {
              "changes": [
                {
                  "at": "8.2.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.2.1",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.1.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.1.2",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "7.9.102-CE",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.9.102-CE",
              "status": "affected",
              "version": "7.9-CE",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
        }
      ],
      "datePublic": "2024-06-12T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.\u003c/p\u003e"
            }
          ],
          "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-578",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-578 Disable Security Software"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T16:29:23.822Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-5909"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions.\u003c/p\u003e"
            }
          ],
          "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
        }
      ],
      "source": {
        "defect": [
          "CPATR-21835",
          "CPATR-21826"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-12T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Local Windows User Can Disable the Agent",
      "x_generator": {
        "engine": "vulnogram 0.1.0-rc1"
      },
      "x_legacyV4Record": {
        "CNA_private": {
          "Priority": "normal",
          "STATE": "review",
          "TYPE": "advisory",
          "affectedKeywords": [
            "Cortex XDR Agent 8.3",
            "Cortex XDR Agent 8.2",
            "Cortex XDR Agent 8.1",
            "Cortex XDR Agent 7.9-CE",
            "Cortex XDR Agent 7.5-CE",
            "Cortex XDR Agent 5.0",
            "Cortex XDR Agent"
          ],
          "affectsSummary": {
            "affected": [
              "None",
              "None",
              "\u003c 8.2.1 on Windows",
              "\u003c 8.1.2 on Windows",
              "\u003c 7.9.102-CE on Windows"
            ],
            "appliesTo": [
              "Cortex XDR Agent 8.4",
              "Cortex XDR Agent 8.3",
              "Cortex XDR Agent 8.2",
              "Cortex XDR Agent 8.1",
              "Cortex XDR Agent 7.9-CE"
            ],
            "product_versions": [
              "Cortex XDR Agent 8.4",
              "Cortex XDR Agent 8.3",
              "Cortex XDR Agent 8.2",
              "Cortex XDR Agent 8.1",
              "Cortex XDR Agent 7.9-CE"
            ],
            "unaffected": [
              "All",
              "All",
              "\u003e= 8.2.1 on Windows",
              "\u003e= 8.1.2 on Windows",
              "\u003e= 7.9.102-CE on Windows"
            ],
            "unknown": [
              "",
              "",
              "",
              "",
              ""
            ]
          },
          "owner": "abaishya",
          "publish": {
            "month": "06",
            "year": "2024",
            "ym": "2024-06"
          },
          "share_with_CVE": true,
          "show_cvss": true
        },
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
          "ID": "CVE-2023-case-CPATR-21826",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Local Windows User Can Disable the Agent"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "8.3",
                            "version_value": "None"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "8.2",
                            "version_value": "8.2.1"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "8.2",
                            "version_value": "8.2.1"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "8.1",
                            "version_value": "8.1.2"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "8.1",
                            "version_value": "8.1.2"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "7.9-CE",
                            "version_value": "7.9.102-CE"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "7.9-CE",
                            "version_value": "7.9.102-CE"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "8.3",
                            "version_value": "All"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8.4",
                            "version_value": "None"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "8.4",
                            "version_value": "All"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Manuel Feifel of VUREX (InfoGuard AG) for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "vulnogram 0.1.0-rc1"
        },
        "impact": {
          "cvss": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-269 Improper Privilege Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "refsource": "CONFIRM",
              "url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-21826"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.1.2, Cortex XDR agent 8.2.1, and all later Cortex XDR agent versions."
          }
        ],
        "source": {
          "defect": [
            "CPATR-21835",
            "CPATR-21826"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2024-06-12T00:00:00.000Z",
            "value": "Initial publication"
          }
        ],
        "x_advisoryEoL": false,
        "x_affectedList": [
          "Cortex XDR Agent 8.3",
          "Cortex XDR Agent 8.2",
          "Cortex XDR Agent 8.1",
          "Cortex XDR Agent 7.9-CE",
          "Cortex XDR Agent 7.5-CE",
          "Cortex XDR Agent 5.0"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-5909",
    "datePublished": "2024-06-12T16:29:23.822Z",
    "dateReserved": "2024-06-12T15:27:55.683Z",
    "dateUpdated": "2024-08-01T21:25:03.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5907 (GCVE-0-2024-5907)

Vulnerability from cvelistv5 – Published: 2024-06-12 16:26 – Updated: 2024-08-01 21:25
VLAI
Title
Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability
Summary
A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Vendor Product Version
Palo Alto Networks Cortex XDR Agent Affected: 7.9-CE , < 7.9.102-CE (custom)
Affected: 8.1.0
Affected: 8.2.0 , < 8.2.3 (custom)
Affected: 8.3.0 , < 8.3.1 (custom)
Unaffected: 8.4.0
Create a notification for this product.
Date Public
2024-06-12 07:00
Credits
Palo Alto Networks thanks Orange Cyberdefense Switzerland's Research Team for discovering and reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5907",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-11-08T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T03:56:05.821Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:25:03.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2024-5907"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Cortex XDR Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "7.9.102-CE",
                  "status": "unaffected"
                }
              ],
              "lessThan": "7.9.102-CE",
              "status": "affected",
              "version": "7.9-CE",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.1.0"
            },
            {
              "changes": [
                {
                  "at": "8.2.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.2.3",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "8.3.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.3.1",
              "status": "affected",
              "version": "8.3.0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks Orange Cyberdefense Switzerland\u0027s Research Team for discovering and reporting this issue."
        }
      ],
      "datePublic": "2024-06-12T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.\u003c/p\u003e"
            }
          ],
          "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T16:26:39.742Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-5907"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024.\u003c/p\u003e"
            }
          ],
          "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."
        }
      ],
      "source": {
        "defect": [
          "CPATR-23348"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-12T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability",
      "x_generator": {
        "engine": "vulnogram 0.1.0-rc1"
      },
      "x_legacyV4Record": {
        "CNA_private": {
          "Current-Status": "Verify with Alain how they want to be acknowledged",
          "Priority": "normal",
          "STATE": "review",
          "TYPE": "advisory",
          "affectsSummary": {
            "affected": [
              "None",
              "\u003c 8.3.1 on Windows",
              "\u003c 8.2.3 on Windows",
              "All",
              "\u003c 7.9.102-CE on Windows"
            ],
            "appliesTo": [
              "Cortex XDR Agent 8.4",
              "Cortex XDR Agent 8.3",
              "Cortex XDR Agent 8.2",
              "Cortex XDR Agent 8.1",
              "Cortex XDR Agent 7.9-CE"
            ],
            "product_versions": [
              "Cortex XDR Agent 8.4",
              "Cortex XDR Agent 8.3",
              "Cortex XDR Agent 8.2",
              "Cortex XDR Agent 8.1",
              "Cortex XDR Agent 7.9-CE"
            ],
            "unaffected": [
              "All",
              "\u003e= 8.3.1 on Windows",
              "\u003e= 8.2.3 on Windows",
              "None",
              "\u003e= 7.9.102-CE on Windows"
            ],
            "unknown": [
              "",
              "",
              "",
              "",
              ""
            ]
          },
          "owner": "abaishya",
          "publish": {
            "month": "06",
            "year": "2024",
            "ym": "2024-06"
          },
          "share_with_CVE": true,
          "show_cvss": true
        },
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
          "ID": "CVE-2023-case-CPATR-23348",
          "STATE": "PUBLIC",
          "TITLE": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cortex XDR Agent",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "7.9-CE",
                            "version_value": "7.9.102-CE"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "7.9-CE",
                            "version_value": "7.9.102-CE"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "8.2",
                            "version_value": "8.2.3"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "8.2",
                            "version_value": "8.2.3"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "8.3",
                            "version_value": "8.3.1"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "8.3",
                            "version_value": "8.3.1"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8.4",
                            "version_value": "None"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "8.4",
                            "version_value": "All"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "8.1",
                            "version_value": "All"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "8.1",
                            "version_value": "None"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Alain Mowat of Orange Cyberdefense for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "vulnogram 0.1.0-rc1"
        },
        "impact": {
          "cvss": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-269 Improper Privilege Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "refsource": "CONFIRM",
              "url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-23348"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."
          }
        ],
        "source": {
          "defect": [
            "CPATR-23348"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2024-06-12T00:00:00.000Z",
            "value": "Initial publication"
          }
        ],
        "x_advisoryEoL": false
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-5907",
    "datePublished": "2024-06-12T16:26:39.742Z",
    "dateReserved": "2024-06-12T15:27:55.262Z",
    "dateUpdated": "2024-08-01T21:25:03.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5759 (GCVE-0-2024-5759)

Vulnerability from cvelistv5 – Published: 2024-06-12 16:00 – Updated: 2024-08-01 21:18
VLAI
Title
Improper privilege management
Summary
An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Vendor Product Version
Tenable Security Center Affected: 0 , < 6.4.0 (custom)
Create a notification for this product.
tenable security_center Affected: 0 , < 6.4.0 (custom)
    cpe:2.3:a:tenable:security_center:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-06-10 19:00
Credits
Anggi Saputra
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:tenable:security_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "security_center",
            "vendor": "tenable",
            "versions": [
              {
                "lessThan": "6.4.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5759",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T18:06:59.101525Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T18:15:21.644Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:18:07.054Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2024-10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Security Center",
          "vendor": "Tenable",
          "versions": [
            {
              "lessThan": "6.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Anggi Saputra"
        }
      ],
      "datePublic": "2024-06-10T19:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nAn improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges\n\n"
            }
          ],
          "value": "An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T16:00:26.228Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2024-10"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nTenable has released Security Center 6.4.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/security-center\"\u003ehttps://www.tenable.com/downloads/security-center\u003c/a\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Tenable has released Security Center 6.4.0 to address these issues. The installation files can be obtained from the Tenable Downloads Portal:  https://www.tenable.com/downloads/security-center"
        }
      ],
      "source": {
        "advisory": "TNS-2024-10",
        "discovery": "EXTERNAL"
      },
      "title": "Improper privilege management",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2024-5759",
    "datePublished": "2024-06-12T16:00:26.228Z",
    "dateReserved": "2024-06-07T18:44:26.130Z",
    "dateUpdated": "2024-08-01T21:18:07.054Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5566 (GCVE-0-2024-5566)

Vulnerability from cvelistv5 – Published: 2024-07-16 21:26 – Updated: 2024-08-01 21:18
VLAI
Title
Improper Privilege Management allows for access to unauthorized repository content during migration
Summary
An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
GitHub GitHub Enterprise Server Affected: 3.9.0 , ≤ 3.9.16 (semver)
Affected: 3.10.0 , ≤ 3.10.13 (semver)
Affected: 3.11.0 , ≤ 3.11.11 (semver)
Affected: 3.12.0 , ≤ 3.12.5 (semver)
Affected: 3.13 , ≤ 3.13.0 (semver)
Create a notification for this product.
Credits
Ganesh Kumar (iamgk808)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5566",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-18T18:06:32.677272Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-22T19:47:55.185Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:18:06.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "GitHub Enterprise Server",
          "vendor": "GitHub",
          "versions": [
            {
              "changes": [
                {
                  "at": "3.9.17",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.9.16",
              "status": "affected",
              "version": "3.9.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.10.14",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.10.13",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.11.12",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.11.11",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.12.6",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.12.5",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.13.1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.13.0",
              "status": "affected",
              "version": "3.13",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ganesh Kumar (iamgk808)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17.\u003cbr\u003e"
            }
          ],
          "value": "An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-16T21:26:46.902Z",
        "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
        "shortName": "GitHub_P"
      },
      "references": [
        {
          "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.17"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.14"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.6"
        },
        {
          "url": "https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Improper Privilege Management allows for access to unauthorized repository content during migration",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
    "assignerShortName": "GitHub_P",
    "cveId": "CVE-2024-5566",
    "datePublished": "2024-07-16T21:26:46.902Z",
    "dateReserved": "2024-05-31T15:02:06.763Z",
    "dateUpdated": "2024-08-01T21:18:06.292Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5525 (GCVE-0-2024-5525)

Vulnerability from cvelistv5 – Published: 2024-05-31 07:35 – Updated: 2024-08-01 21:18
VLAI
Title
Improper privilege management vulnerability in Astrotalks
Summary
Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the attacker to perform administrative actions.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Astrotalks Astrotalks Affected: 03/10/2023 (custom)
Create a notification for this product.
astrotalks astrotalks Affected: 03\/10\/2023
    cpe:2.3:a:astrotalks:astrotalks:03\/10\/2023:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-05-30 10:00
Credits
David Utón Amaya (m3n0sd0n4ld)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:astrotalks:astrotalks:03\\/10\\/2023:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "astrotalks",
            "vendor": "astrotalks",
            "versions": [
              {
                "status": "affected",
                "version": "03\\/10\\/2023"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5525",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-25T18:28:36.936439Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-25T18:30:42.467Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:18:06.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-astrotalks"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Astrotalks",
          "vendor": "Astrotalks",
          "versions": [
            {
              "status": "affected",
              "version": "03/10/2023",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "David Ut\u00f3n Amaya (m3n0sd0n4ld)"
        }
      ],
      "datePublic": "2024-05-30T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the attacker to perform administrative actions."
            }
          ],
          "value": "Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the attacker to perform administrative actions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-31T07:35:15.721Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-astrotalks"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been fixed in the new versions."
            }
          ],
          "value": "The vulnerability has been fixed in the new versions."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Improper privilege management vulnerability in Astrotalks",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2024-5525",
    "datePublished": "2024-05-31T07:35:15.721Z",
    "dateReserved": "2024-05-30T08:48:46.774Z",
    "dateUpdated": "2024-08-01T21:18:06.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5009 (GCVE-0-2024-5009)

Vulnerability from cvelistv5 – Published: 2024-06-25 19:58 – Updated: 2024-08-01 20:55
VLAI
Title
WhatsUp Gold SetAdminPassword Improper Access Control Privilege Escalation Vulnerability
Summary
In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Progress Software Corporation WhatsUp Gold Affected: 2023.1.0 , < 2023.1.3 (semver)
Create a notification for this product.
progress whatsup_gold Affected: 2023.1.0 , < 2023.1.3 (semver)
    cpe:2.3:a:progress:whatsup_gold:2023.1.0:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:progress:whatsup_gold:2023.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "whatsup_gold",
            "vendor": "progress",
            "versions": [
              {
                "lessThan": "2023.1.3",
                "status": "affected",
                "version": "2023.1.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5009",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-09T03:55:42.940668Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-09T12:52:21.662Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:55:10.390Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "product",
              "x_transferred"
            ],
            "url": "https://www.progress.com/network-monitoring"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "modules": [
            "API Endpoint"
          ],
          "platforms": [
            "Windows"
          ],
          "product": "WhatsUp Gold",
          "vendor": "Progress Software Corporation",
          "versions": [
            {
              "lessThan": "2023.1.3",
              "status": "affected",
              "version": "2023.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In WhatsUp Gold versions released before 2023.1.3,\u0026nbsp;\u003cspan style=\"background-color: rgba(161, 189, 217, 0.08);\"\u003ean Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword \u003ccode\u003eallows local attackers to modify admin\u0027s password.\u003c/code\u003e\u003c/span\u003e\u003cspan style=\"background-color: rgba(161, 189, 217, 0.08);\"\u003e\u003cspan style=\"background-color: rgba(9, 30, 66, 0.06);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "In WhatsUp Gold versions released before 2023.1.3,\u00a0an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin\u0027s password."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-113",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-113 API Manipulation"
            }
          ]
        },
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-25T19:58:48.237Z",
        "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
        "shortName": "ProgressSoftware"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://www.progress.com/network-monitoring"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "WhatsUp Gold SetAdminPassword Improper Access Control Privilege Escalation Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
    "assignerShortName": "ProgressSoftware",
    "cveId": "CVE-2024-5009",
    "datePublished": "2024-06-25T19:58:48.237Z",
    "dateReserved": "2024-05-16T15:59:50.763Z",
    "dateUpdated": "2024-08-01T20:55:10.390Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-4988 (GCVE-0-2024-4988)

Vulnerability from cvelistv5 – Published: 2024-05-21 10:04 – Updated: 2024-08-21 05:37
VLAI
Title
Improper permission control in com.transsion.videocallenhancer
Summary
The mobile application (com.transsion.videocallenhancer) interface has improper permission control, which can lead to the risk of private file leakage.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
  • CWE-284 - Improper Access Control
Assigner
Impacted products
Vendor Product Version
TECNO com.transsion.videocallenhancer Affected: 1.1.9.973
Create a notification for this product.
tecno com.transsion.videocallenhancer Affected: 1.1.9.973
    cpe:2.3:a:tecno:com.transsion.videocallenhancer:1.1.9.973:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:tecno:com.transsion.videocallenhancer:1.1.9.973:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "com.transsion.videocallenhancer",
            "vendor": "tecno",
            "versions": [
              {
                "status": "affected",
                "version": "1.1.9.973"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-4988",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T14:02:46.440075Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:54:46.204Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:55:10.443Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.tecno.com/SRC/blogdetail/250?lang=en_US"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.tecno.com/SRC/securityUpdates"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "com.transsion.videocallenhancer",
          "vendor": "TECNO",
          "versions": [
            {
              "status": "affected",
              "version": "1.1.9.973"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The mobile application (com.transsion.videocallenhancer) interface has improper permission control, which can lead to the risk of private file leakage."
            }
          ],
          "value": "The mobile application (com.transsion.videocallenhancer) interface has improper permission control, which can lead to the risk of private file leakage."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-21T05:37:55.582Z",
        "orgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
        "shortName": "TECNOMobile"
      },
      "references": [
        {
          "url": "https://security.tecno.com/SRC/blogdetail/250?lang=en_US"
        },
        {
          "url": "https://security.tecno.com/SRC/securityUpdates?type=SA"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Improper permission control in com.transsion.videocallenhancer",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
    "assignerShortName": "TECNOMobile",
    "cveId": "CVE-2024-4988",
    "datePublished": "2024-05-21T10:04:10.672Z",
    "dateReserved": "2024-05-16T07:03:34.779Z",
    "dateUpdated": "2024-08-21T05:37:55.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-4545 (GCVE-0-2024-4545)

Vulnerability from cvelistv5 – Published: 2024-05-09 18:12 – Updated: 2024-08-01 20:47
VLAI
Title
EDB Postgres Advanced Server (EPAS) authenticated file read permissions bypass using edbldr
Summary
All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. This could allow low privilege users to read files to which they would not otherwise have access.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
EDB
Impacted products
Vendor Product Version
EnterpriseDB EDB Postgres Advanced Server Affected: 15.0 , < 15.7.0 (custom)
Affected: 16.0 , < 16.3.0 (custom)
Create a notification for this product.
Date Public
2024-05-09 18:10
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4545",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-10T13:16:47.766868Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:55:25.980Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:47:40.854Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.enterprisedb.com/docs/epas/15/epas_rel_notes/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.enterprisedb.com/docs/epas/latest/epas_rel_notes/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.enterprisedb.com/docs/security/advisories/cve20244545/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "EDB Postgres Advanced Server",
          "vendor": "EnterpriseDB",
          "versions": [
            {
              "lessThan": "15.7.0",
              "status": "affected",
              "version": "15.0",
              "versionType": "custom"
            },
            {
              "lessThan": "16.3.0",
              "status": "affected",
              "version": "16.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-05-09T18:10:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: transparent;\"\u003eAll versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003eedbldr\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e to bypass role permissions from \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003epg_read_server_files\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e. This could allow low privilege users to read files to which they would not otherwise have access.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nAll versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. This could allow low privilege users to read files to which they would not otherwise have access.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-09T18:12:18.399Z",
        "orgId": "20be33e2-bf35-4d13-8fad-18bd2f3e3659",
        "shortName": "EDB"
      },
      "references": [
        {
          "url": "https://www.enterprisedb.com/docs/epas/15/epas_rel_notes/"
        },
        {
          "url": "https://www.enterprisedb.com/docs/epas/latest/epas_rel_notes/"
        },
        {
          "url": "https://www.enterprisedb.com/docs/security/advisories/cve20244545/"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "EDB Postgres Advanced Server (EPAS) authenticated file read permissions bypass using edbldr",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "20be33e2-bf35-4d13-8fad-18bd2f3e3659",
    "assignerShortName": "EDB",
    "cveId": "CVE-2024-4545",
    "datePublished": "2024-05-09T18:12:18.399Z",
    "dateReserved": "2024-05-06T13:09:28.537Z",
    "dateUpdated": "2024-08-01T20:47:40.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.