CVE-2023-35799 — Incorrect Permission Assignment in Endpoint Security

CWE-732 — Incorrect Permission Assignment4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 88.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Stormshield Endpoint Security

Timeline

PublishedJun 27

Description

Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDstormshield/endpoint_security2.0.0 — 2.3.2

🔴Vulnerability Details

OSV

CVE-2023-35799: Stormshield Endpoint Security Evolution 2↗2023-06-27

▶

GHSA

GHSA-ppp2-fxjc-67f9: Stormshield Endpoint Security Evolution 2↗2023-06-27

▶

CVEList

CVE-2023-35799: Stormshield Endpoint Security Evolution 2↗2023-06-27

▶