CVE-2023-3438 - OpenCVE

An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Trellix	Move

Configuration 1 [-]

cpe:2.3:a:trellix:move:*:*:*:*:*:windows:*:*

References

Link	Resource
https://kcm.trellix.com/corporate/index?page=content&id=SB10404	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: trellix

Published: 2023-07-03T07:35:24.255Z

Updated: 2023-07-03T07:35:24.255Z

Reserved: 2023-06-28T07:03:39.592Z

Link: CVE-2023-3438

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-03T08:15:09.670

Modified: 2023-07-14T14:43:08.843

Link: CVE-2023-3438

JSON object: View

Redhat Information

No data.

CWE

CWE-428

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-3438", "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "state": "PUBLISHED", "assignerShortName": "trellix", "dateReserved": "2023-06-28T07:03:39.592Z", "datePublished": "2023-07-03T07:35:24.255Z", "dateUpdated": "2023-07-03T07:35:24.255Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Trellix Move", "vendor": "Trellix", "versions": [{"status": "affected", "version": "4.10.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). </span><br><span style=\"background-color: rgb(255, 255, 255);\">The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services.</span>\n\n"}], "value": "\nAn unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). \nThe misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services.\n\n"}], "impacts": [{"capecId": "CAPEC-38", "descriptions": [{"lang": "en", "value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix", "dateUpdated": "2023-07-03T07:35:24.255Z"}, "references": [{"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10404"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}