{"uuid": "d74a3b4a-ce41-4a86-a8c8-a3c43af5aaf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28141", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6253", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-28141\n\ud83d\udd25 CVSS Score: 6.7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: \nAn NTFS Junction condition exists in the Qualys Cloud Agent\nfor Windows platform in versions before 4.8.0.31. Attackers may write files to\narbitrary locations via a local attack vector. This allows attackers to assume\nthe privileges of the process, and they may delete or otherwise on unauthorized\nfiles, allowing for the potential modification or deletion of sensitive files\nlimited only to that specific directory/file object. This vulnerability is\nbounded to the time of installation/uninstallation and can only be exploited locally.\n\n\n\nAt the time of this disclosure, versions before 4.0 are\nclassified as End of Life.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\ud83d\udccf Published: 2023-04-18T15:50:19.411Z\n\ud83d\udccf Modified: 2025-03-03T19:22:56.830Z\n\ud83d\udd17 References:\n1. https://www.qualys.com/security-advisories/", "creation_timestamp": "2025-03-03T19:30:43.000000Z"}