CVE-2022-46334 - OpenCVE

Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Proofpoint	Enterprise Protection

Configuration 1 [-]

cpe:2.3:a:proofpoint:enterprise_protection:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.proofpoint.com/security/security-advisories/pfpt-sa-2022-0004	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Proofpoint

Published: 2022-12-21T20:05:38.584Z

Updated: 2023-07-12T19:07:37.968Z

Reserved: 2022-11-29T16:10:15.065Z

Link: CVE-2022-46334

JSON object: View

NVD Information

Status : Modified

Published: 2022-12-21T21:15:09.360

Modified: 2023-07-11T22:15:09.647

Link: CVE-2022-46334

JSON object: View

Redhat Information

No data.

CWE

CWE-269

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-46334", "assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46", "state": "PUBLISHED", "assignerShortName": "Proofpoint", "dateReserved": "2022-11-29T16:10:15.065Z", "datePublished": "2022-12-21T20:05:38.584Z", "dateUpdated": "2023-07-12T19:07:37.968Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "enterprise_protection", "vendor": "Proofpoint", "versions": [{"changes": [{"at": "8.19.0 patch 4550", "status": "unaffected"}, {"at": "8.18.6 patch 4549", "status": "unaffected"}, {"at": "8.13.22 patch 4548", "status": "unaffected"}], "lessThanOrEqual": "8.19.0", "status": "affected", "version": "8.*", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "ly1g3"}], "datePublic": "2022-12-21T19:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below.</p>"}], "value": "Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46", "shortName": "Proofpoint", "dateUpdated": "2023-07-12T19:07:37.968Z"}, "references": [{"url": "https://www.proofpoint.com/security/security-advisories/pfpt-sa-2022-0004"}], "source": {"discovery": "UNKNOWN"}, "title": "Proofpoint Enterprise Protection Local Privilege Escalation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:proofpoint:enterprise_protection:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8989910-63F8-4E56-AC31-F2FF3FAB1991", "versionEndIncluding": "8.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below.\n\n"}, {"lang": "es", "value": "Proofpoint Enterprise Protection (PPS/PoD) contiene una vulnerabilidad que permite al usuario de pps escalar a privilegios de root debido a permisos innecesarios. Esto afecta a todas las versiones 8.19.0 y anteriores.\n "}], "id": "CVE-2022-46334", "lastModified": "2023-07-11T22:15:09.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security@proofpoint.com", "type": "Secondary"}]}, "published": "2022-12-21T21:15:09.360", "references": [{"source": "security@proofpoint.com", "tags": ["Vendor Advisory"], "url": "https://www.proofpoint.com/security/security-advisories/pfpt-sa-2022-0004"}], "sourceIdentifier": "security@proofpoint.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@proofpoint.com", "type": "Secondary"}]}