CVE-2023-1453 - OpenCVE

A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has been rated as critical. Affected by this issue is the function 0x80002008 in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-223298 is the identifier assigned to this vulnerability.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:S/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Watchdog	Anti-virus

Configuration 1 [-]

cpe:2.3:a:watchdog:anti-virus:1.4.214.0:*:*:*:*:*:*:*

References

Link	Resource
https://drive.google.com/file/d/1ivMk1uVAvPCCAxqiD2BW9gD1TsktQkpi/view	Exploit
https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1453	Third Party Advisory
https://vuldb.com/?ctiid.223298	Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.223298	Permissions Required Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2023-03-17T06:52:10.093Z

Updated: 2023-10-21T09:03:31.848Z

Reserved: 2023-03-17T06:51:33.925Z

Link: CVE-2023-1453

JSON object: View

NVD Information

Status : Modified

Published: 2023-03-17T07:15:13.213

Modified: 2024-05-17T02:18:06.770

Link: CVE-2023-1453

JSON object: View

Redhat Information

No data.

CWE

CWE-284

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-1453", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-03-17T06:51:33.925Z", "datePublished": "2023-03-17T06:52:10.093Z", "dateUpdated": "2023-10-21T09:03:31.848Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-21T09:03:31.848Z"}, "title": "Watchdog Anti-Virus IoControlCode wsdk-driver.sys 0x80002008 access control", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Controls"}]}], "affected": [{"vendor": "Watchdog", "product": "Anti-Virus", "versions": [{"version": "1.4.214.0", "status": "affected"}], "modules": ["IoControlCode Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has been rated as critical. Affected by this issue is the function 0x80002008 in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-223298 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in Watchdog Anti-Virus 1.4.214.0 ausgemacht. Betroffen davon ist die Funktion 0x80002008 in der Bibliothek wsdk-driver.sys der Komponente IoControlCode Handler. Durch das Beeinflussen mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.4, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.2, "vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:P"}}], "timeline": [{"time": "2023-03-17T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-03-17T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-03-17T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-04-11T10:59:10.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Zeze7w (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.223298", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.223298", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1453", "tags": ["related"]}, {"url": "https://drive.google.com/file/d/1ivMk1uVAvPCCAxqiD2BW9gD1TsktQkpi/view", "tags": ["exploit"]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:watchdog:anti-virus:1.4.214.0:*:*:*:*:*:*:*", "matchCriteriaId": "5EEF7DD2-2795-4056-80E0-8946D55A8E8E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has been rated as critical. Affected by this issue is the function 0x80002008 in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-223298 is the identifier assigned to this vulnerability."}], "id": "CVE-2023-1453", "lastModified": "2024-05-17T02:18:06.770", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.2, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-03-17T07:15:13.213", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://drive.google.com/file/d/1ivMk1uVAvPCCAxqiD2BW9gD1TsktQkpi/view"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1453"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?ctiid.223298"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.223298"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "cna@vuldb.com", "type": "Primary"}]}