admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 18:52:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-28142.md

18 lines
1.0 KiB
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2023-28142](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28142)
![](https://img.shields.io/static/v1?label=Product&message=Cloud%20Agent&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%203.1.3.34%3C%204.5.3.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-362%20Concurrent%20Execution%20using%20Shared%20Resource%20with%20Improper%20Synchronization%20('Race%20Condition')&color=brighgreen)
### Description
A Race Condition exists in the Qualys Cloud Agent for Windowsplatform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers toescalate privileges limited on the local machine during uninstallation of theQualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges onthat asset to run arbitrary commands.At the time of this disclosure, versions before 4.0 are classified as Endof Life.
### POC
#### Reference
- https://www.qualys.com/security-advisories/
#### Github
No PoCs found on GitHub currently.
Reference in New Issue Copy Permalink