CVE-2023-5445
Vulnerability from cvelistv5
Published
2023-11-17 10:01
Modified
2024-08-02 07:59
Summary
An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:59:44.718Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kcm.trellix.com/corporate/index?page=content\u0026id=SB10410"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ePolicy Orchestrator",
          "vendor": "Trellix",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 5.10.0 SP1 UP2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Lukasz Plonka"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nAn open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-194",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-194 Fake the Source of Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-17T10:01:36.927Z",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "url": "https://kcm.trellix.com/corporate/index?page=content\u0026id=SB10410"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2023-5445",
    "datePublished": "2023-11-17T10:01:36.927Z",
    "dateReserved": "2023-10-06T07:58:14.595Z",
    "dateUpdated": "2024-08-02T07:59:44.718Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-5445\",\"sourceIdentifier\":\"trellixpsirt@trellix.com\",\"published\":\"2023-11-17T10:15:08.167\",\"lastModified\":\"2024-11-21T08:41:47.000\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nAn open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de redireccionamiento abierto en ePolicy Orchestrator anterior a 5.10.0 CP1 Actualizaci\u00f3n 2 permite a un usuario remoto con pocos privilegios modificar el par\u00e1metro de URL con el fin de redirigir solicitudes de URL a un sitio malicioso. Esto afecta el \u00e1rea del tablero de la interfaz de usuario. Un usuario deber\u00eda iniciar sesi\u00f3n en ePO para activar esta vulnerabilidad. Para aprovechar esto, el atacante debe cambiar el payload HTTP posterior al env\u00edo, antes de que llegue al servidor de ePO.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"trellixpsirt@trellix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"trellixpsirt@trellix.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.10.0\",\"matchCriteriaId\":\"A30F7908-5AF6-4761-BC6A-4C18EFAE48E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:service_pack_1_update:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E6BB53A-ECF6-4FBF-ADB0-D07BBD14225C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:service_pack_1_update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4C5D7EC-84F4-4B82-B8A2-82048C188578\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B00DDE7-7002-45BE-8EDE-65D964922CB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB88C165-BB24-49FB-AAF6-087A766D5AD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_11:*:*:*:*:*:*\",\"matchCriteriaId\":\"C879487A-3378-4C5D-9DA6-308D06B786A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_11_hotfix_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"01D8BF05-C02C-432A-AA3A-2FA20E6FD859\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_11_hotfix_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"66235835-40DC-4F35-B5E2-C673059ADCF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_12:*:*:*:*:*:*\",\"matchCriteriaId\":\"523E143F-E8B3-4B24-AD64-65BF5A8677A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_13:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AF53482-AE68-40F8-8FA6-0A2DAC019A34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_14:*:*:*:*:*:*\",\"matchCriteriaId\":\"62995EC0-0A00-4140-8C76-1D7648A9FB46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_15:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E5A7025-BC7B-43F4-BC66-902A10A0A200\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DE847E0-431D-497D-9C57-C4E59749F6A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"46385384-5561-40AA-9FDE-A2DE4FDFAD3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E4E5481-1070-4E1F-8679-1985DE4E785A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9EEA681-67FF-43B3-8610-0FA17FD279E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*\",\"matchCriteriaId\":\"C33BA8EA-793D-4E79-BE9C-235ACE717216\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*\",\"matchCriteriaId\":\"823DBE80-CB8D-4981-AE7C-28F3FDD40451\"}]}]}],\"references\":[{\"url\":\"https://kcm.trellix.com/corporate/index?page=content\u0026id=SB10410\",\"source\":\"trellixpsirt@trellix.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://kcm.trellix.com/corporate/index?page=content\u0026id=SB10410\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.