CVE-2023-35800: Incorrect Permission Assignment in Endpoint Security

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.1% (top 69.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 27

Description

Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (1 package)

NVD: stormshield/endpoint_security, 2.0.0 to 2.4.2

Vulnerability Details (2)

CVEList: CVE-2023-35800: Stormshield Endpoint Security Evolution 2 (2023-06-27)
GHSA: GHSA-9j35-h8v6-5943: Stormshield Endpoint Security Evolution 2 (2023-06-27)