7.8
CVE-2023-43766
- EPSS 0.04%
- Published 22.09.2023 05:15:09
- Last modified 21.11.2024 08:24:44
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
Data is provided by the National Vulnerability Database (NVD)
F-secure ≫ Linux Protection Version12.0
F-secure ≫ Linux Security 64 Version12.0
F-secure ≫ Client Security Version15.00
F-secure ≫ Elements Endpoint Protection Version >= 17.0
F-secure ≫ Email And Server Security Version15.00
F-secure ≫ Server Security Version15.00
F-secure ≫ Client Security Version15.00
F-secure ≫ Elements Endpoint Protection Version >= 17.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.127 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.