cve-2023-20084
Vulnerability from cvelistv5
Published
2023-11-22 17:09
Modified
2024-08-02 08:57
Severity ?
EPSS score ?
Summary
A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Secure Endpoint |
Version: 6.0.9 Version: 6.0.7 Version: 6.1.5 Version: 6.1.7 Version: 6.1.9 Version: 6.2.1 Version: 6.2.5 Version: 6.2.19 Version: 6.2.3 Version: 6.2.9 Version: 6.3.5 Version: 6.3.1 Version: 6.3.7 Version: 6.3.3 Version: 7.0.5 Version: 7.1.1 Version: 7.1.5 Version: 7.2.13 Version: 7.2.7 Version: 7.2.3 Version: 7.2.11 Version: 7.2.5 Version: 7.3.1 Version: 7.3.9 Version: 7.3.3 Version: 7.3.5 Version: 8.1.7 Version: 8.1.5 Version: 8.1.3.21242 Version: 8.1.7.21512 Version: 8.1.3 Version: 8.1.5.21322 Version: 8.1.7.21417 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:57:35.892Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "cisco-sa-secure-endpoint-dos-RzOgFKnd", tags: [ "x_transferred", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco Secure Endpoint", vendor: "Cisco", versions: [ { status: "affected", version: "6.0.9", }, { status: "affected", version: "6.0.7", }, { status: "affected", version: "6.1.5", }, { status: "affected", version: "6.1.7", }, { status: "affected", version: "6.1.9", }, { status: "affected", version: "6.2.1", }, { status: "affected", version: "6.2.5", }, { status: "affected", version: "6.2.19", }, { status: "affected", version: "6.2.3", }, { status: "affected", version: "6.2.9", }, { status: "affected", version: "6.3.5", }, { status: "affected", version: "6.3.1", }, { status: "affected", version: "6.3.7", }, { status: "affected", version: "6.3.3", }, { status: "affected", version: "7.0.5", }, { status: "affected", version: "7.1.1", }, { status: "affected", version: "7.1.5", }, { status: "affected", version: "7.2.13", }, { status: "affected", version: "7.2.7", }, { status: "affected", version: "7.2.3", }, { status: "affected", version: "7.2.11", }, { status: "affected", version: "7.2.5", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.9", }, { status: "affected", version: "7.3.3", }, { status: "affected", version: "7.3.5", }, { status: "affected", version: "8.1.7", }, { status: "affected", version: "8.1.5", }, { status: "affected", version: "8.1.3.21242", }, { status: "affected", version: "8.1.7.21512", }, { status: "affected", version: "8.1.3", }, { status: "affected", version: "8.1.5.21322", }, { status: "affected", version: "8.1.7.21417", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-437", description: "Incomplete Model of Endpoint Features", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-25T16:57:42.470Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-secure-endpoint-dos-RzOgFKnd", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd", }, ], source: { advisory: "cisco-sa-secure-endpoint-dos-RzOgFKnd", defects: [ "CSCwh78740", ], discovery: "EXTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2023-20084", datePublished: "2023-11-22T17:09:38.783Z", dateReserved: "2022-10-27T18:47:50.334Z", dateUpdated: "2024-08-02T08:57:35.892Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2023-20084\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2023-11-22T17:15:18.317\",\"lastModified\":\"2024-11-21T07:40:31.210\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el software de endpoint de Cisco Secure Endpoint para Windows podría permitir que un atacante local autenticado evada la protección del endpoint dentro de un período de tiempo limitado. Esta vulnerabilidad se debe a un problema de sincronización que ocurre entre varios componentes de software. Un atacante podría aprovechar esta vulnerabilidad persuadiendo a un usuario para que coloque un archivo malicioso en una carpeta específica y luego persuadiéndolo para que ejecute el archivo dentro de un período de tiempo limitado. Un exploit exitoso podría permitir al atacante hacer que el software del terminal no ponga en cuarentena el archivo malicioso o finalice su proceso. Nota: Esta vulnerabilidad solo se aplica a implementaciones que tienen habilitada la función Redirección de carpetas de Windows.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-437\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"73BBFC84-0CBF-4A1A-BC85-58743828CB8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.0.7:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"9CBD2020-8CEC-4803-B8D0-8B8C051E3A17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.0.9:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"F61FA930-DE23-4BA5-B854-5E672534B14D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.1.5:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"0DB04EC8-AE2F-4186-B9C1-C36CA7B639AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.1.7:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"D6D13A24-5CE0-44CD-A6FC-E0656C5FC99A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.1.9:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"994F00AC-6728-455E-A785-65BBBE20C7CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.2.1:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"18C64C5D-0100-4350-9784-90A214CD6A7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.2.3:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"6C4D34D1-809E-4910-A23A-10DF0C1A6997\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.2.5:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"C373761A-45AD-49E7-BF7E-27B7043A2769\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.2.9:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"C8A3A132-D202-4E5D-B9C1-DAF2916008FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.2.19:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"A4E9E097-45BA-4009-AD4E-D8182E6068FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.3.1:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"42A92525-2605-455D-93A9-E4AF1995CCB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.3.3:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"10C46D21-DA26-46C6-9C1E-69A51D076210\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.3.5:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"7B56C363-A5B8-4F91-8414-4271D83E997D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:6.3.7:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"6615CB6A-6B26-4F16-BC9B-6E8DB80B0DC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.0.5:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"AF8AF3D2-0507-470E-B8EA-45D2427FAA58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.1.1:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"AB6D5375-A4F4-4B24-B377-AE8DDA898F2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.1.5:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"160F070E-CB81-4DA6-88D1-A01639B8D9D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.2.3:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"879BF746-BF6F-4E19-9543-06DB4190F3B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.2.5:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"3DCD32D3-5F52-45AC-952F-AED1DE87FDFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.2.7:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"4E9E10B5-D259-4E9D-8688-3A48970FC28A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.2.11:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"BE6734FD-FD35-4BD9-AE25-DA01D6B985E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.2.13:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"3C013C0C-C5E5-43A3-BFAB-7B92A86C6620\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.3.1:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"0CA4FD17-D6EE-4DBE-9F29-39D7AC67F6E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.3.3:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"E56295B4-219E-41FA-843C-A271DFC2D167\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.3.5:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"60B7C0C9-401D-4658-A683-22300A0007B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:7.3.9:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"1796BB1E-C26E-4394-A8C9-55D27A08367D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:8.1.3:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"D427238E-BFDC-4567-BAF8-C2DC5DDB3F6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:8.1.3.21242:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"C5309996-3287-4844-A116-12EFE751DB50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:8.1.5:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"53C0527C-79BB-4954-970F-04A06FBD13E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:8.1.5.21322:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"94EFBC3A-9EA8-4922-BAB2-BA4AE6CC5287\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:8.1.7:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"A9B45180-615C-40D4-A726-0B19EEEC1052\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:8.1.7.21417:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"65D971B4-FC73-458C-80AA-A3EA0BB7DFD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:8.1.7.21512:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"0CE68809-1B04-4C6D-AE6D-2AB8AE76DC5F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.0\",\"matchCriteriaId\":\"35AC2B5C-975C-47E3-BC8B-AFFBBE59ED6F\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}", }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.