CVE-2023-47172 - OpenCVE

Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, and WithSecure Elements Endpoint Protection 17 and later.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Withsecure	Elements Endpoint Protection Email And Server Security Client Security Server Security

Configuration 1 [-]

OR	cpe:2.3:a:withsecure:client_security::::::::
	cpe:2.3:a:withsecure:elements_endpoint_protection::::::::
	cpe:2.3:a:withsecure:email_and_server_security::::::::
	cpe:2.3:a:withsecure:server_security::::::::

References

Link	Resource
https://www.withsecure.com/en/support/security-advisories/cve-2023-47172	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-11-20T00:00:00

Updated: 2023-11-20T20:54:47.076308

Reserved: 2023-10-31T00:00:00

Link: CVE-2023-47172

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-20T21:15:08.293

Modified: 2023-11-28T21:57:21.713

Link: CVE-2023-47172

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:withsecure:client_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C3FF325-62E4-45DF-AA2C-E2B3CCDF080F", "versionStartIncluding": "15", "vulnerable": true}, {"criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*", "matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A", "versionStartIncluding": "17", "vulnerable": true}, {"criteria": "cpe:2.3:a:withsecure:email_and_server_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDC69E2C-7B7A-4203-949D-25F4343082C7", "versionStartIncluding": "15", "vulnerable": true}, {"criteria": "cpe:2.3:a:withsecure:server_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "73BCD074-70B5-4905-A20F-A60966EB2912", "versionStartIncluding": "15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, and WithSecure Elements Endpoint Protection 17 and later."}, {"lang": "es", "value": "Ciertos productos WithSecure permiten la escalada de privilegios locales. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15 y WithSecure Elements Endpoint Protection 17 y posteriores."}], "id": "CVE-2023-47172", "lastModified": "2023-11-28T21:57:21.713", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-20T21:15:08.293", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-47172"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}