CVE-2023-6253 - OpenCVE

A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Fortra	Digital Guardian Agent

Configuration 1 [-]

cpe:2.3:a:fortra:digital_guardian_agent:*:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2023/Nov/14	Exploit Mailing List Third Party Advisory
https://r.sec-consult.com/fortra	Exploit Third Party Advisory
https://www.fortra.com/security	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: SEC-VLab

Published: 2023-11-22T11:22:58.159Z

Updated: 2023-11-22T11:22:58.159Z

Reserved: 2023-11-22T11:08:26.968Z

Link: CVE-2023-6253

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-22T12:15:22.963

Modified: 2023-11-30T05:40:53.983

Link: CVE-2023-6253

JSON object: View

Redhat Information

No data.

CWE

CWE-922

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-6253", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "state": "PUBLISHED", "assignerShortName": "SEC-VLab", "dateReserved": "2023-11-22T11:08:26.968Z", "datePublished": "2023-11-22T11:22:58.159Z", "dateUpdated": "2023-11-22T11:22:58.159Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Uninstaller"], "product": "Digital Guardian Agent ", "vendor": "Fortra", "versions": [{"lessThan": "7.9.4", "status": "affected", "version": "0", "versionType": "patch"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "J. Kruchem (SEC Consult Vulnerability Lab)"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "B. Gr\u00fcndling (SEC Consult Vulnerability Lab)"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "D. Hirschberger (SEC Consult Vulnerability Lab)"}], "datePublic": "2023-11-23T08:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.<br>"}], "value": "A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.\n"}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-922", "description": "CWE-922 Insecure Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2023-11-22T11:22:58.159Z"}, "references": [{"url": "https://www.fortra.com/security"}, {"url": "https://r.sec-consult.com/fortra"}, {"url": "http://seclists.org/fulldisclosure/2023/Nov/14"}, {"url": "http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The vendor provides an updated Agent version 7.9.4 which can be downloaded at the vendor's support page: <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.digitalguardian.com/services/support\">https://www.digitalguardian.com/services/support</a><br>"}], "value": "The vendor provides an updated Agent version 7.9.4 which can be downloaded at the vendor's support page: https://www.digitalguardian.com/services/support https://www.digitalguardian.com/services/support \n"}], "source": {"discovery": "UNKNOWN"}, "title": "Saved Uninstall Key in Digital Guardian Agent Uninstaller", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortra:digital_guardian_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA40A180-146B-477B-9565-7B619F3CAB5D", "versionEndExcluding": "7.9.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.\n"}, {"lang": "es", "value": "Una clave de cifrado guardada en el desinstalador Digital Guardian Agent anterior a la versi\u00f3n 7.9.4 permite a un atacante local recuperar la clave de desinstalaci\u00f3n y eliminar el software extrayendo la clave de desinstalaci\u00f3n de la memoria del archivo de desinstalaci\u00f3n."}], "id": "CVE-2023-6253", "lastModified": "2023-11-30T05:40:53.983", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-22T12:15:22.963", "references": [{"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html"}, {"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Nov/14"}, {"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "tags": ["Exploit", "Third Party Advisory"], "url": "https://r.sec-consult.com/fortra"}, {"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "tags": ["Product"], "url": "https://www.fortra.com/security"}], "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-922"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-922"}], "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "type": "Secondary"}]}