From c6573971165fe281aaf97b8b111465b4bd01d033 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 15 Jun 2023 07:00:40 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/4xxx/CVE-2022-4149.json | 127 +++++++++++++++++++++++++++++++-- 2023/33xxx/CVE-2023-33009.json | 90 ++++++++++++++--------- 2023/3xxx/CVE-2023-3259.json | 18 +++++ 2023/3xxx/CVE-2023-3260.json | 18 +++++ 2023/3xxx/CVE-2023-3261.json | 18 +++++ 2023/3xxx/CVE-2023-3262.json | 18 +++++ 2023/3xxx/CVE-2023-3263.json | 18 +++++ 2023/3xxx/CVE-2023-3264.json | 18 +++++ 2023/3xxx/CVE-2023-3265.json | 18 +++++ 2023/3xxx/CVE-2023-3266.json | 18 +++++ 2023/3xxx/CVE-2023-3267.json | 18 +++++ 11 files changed, 342 insertions(+), 37 deletions(-) create mode 100644 2023/3xxx/CVE-2023-3259.json create mode 100644 2023/3xxx/CVE-2023-3260.json create mode 100644 2023/3xxx/CVE-2023-3261.json create mode 100644 2023/3xxx/CVE-2023-3262.json create mode 100644 2023/3xxx/CVE-2023-3263.json create mode 100644 2023/3xxx/CVE-2023-3264.json create mode 100644 2023/3xxx/CVE-2023-3265.json create mode 100644 2023/3xxx/CVE-2023-3266.json create mode 100644 2023/3xxx/CVE-2023-3267.json diff --git a/2022/4xxx/CVE-2022-4149.json b/2022/4xxx/CVE-2022-4149.json index 987b94f2ec1..2ff98c93be7 100644 --- a/2022/4xxx/CVE-2022-4149.json +++ b/2022/4xxx/CVE-2022-4149.json @@ -1,17 +1,136 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4149", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@netskope.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\\SYSTEM which writes log files to a writable directory (C:\\Users\\Public\\netSkope) for a standard user. The files are created and written with a SYSTEM account except one file (logplaceholder) which inherits permission giving all users full access control list. Netskope client restricts access to this file by allowing only read permissions as a standard user. Whenever the Netskope client service restarts, it deletes the logplaceholder and recreates, creating a race condition, which can be exploited by a malicious local user to create the file and set ACL permissions on the file. Once the file is created by a malicious user with proper ACL permissions, all files within C:\\Users\\Public\\netSkope\\ becomes modifiable by the unprivileged user. By using Windows pseudo-symlink, these files can be pointed to other places in the system and thus malicious users will be able to elevate privileges.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", + "cweId": "CWE-367" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Netskope", + "product": { + "product_data": [ + { + "product_name": "Netskope Client", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "95, 0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-002", + "refsource": "MISC", + "name": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-002" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "NSKPSA-2023-002", + "defect": [ + "NSKPSA-2023-002" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Netskope recommends using hardening guidelines listed here - \u2013 https://docs.netskope.com/en/netskope-client-hardening.html 
" + } + ], + "value": "Netskope recommends using hardening guidelines listed here -\u00a0\u2013 https://docs.netskope.com/en/netskope-client-hardening.html https://docs.netskope.com/en/netskope-client-hardening.html \u00a0\n" + } + ], + "exploit": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Netskope is not aware of any public disclosure and exploitation of this vulnerability at the time of publication. 

" + } + ], + "value": "Netskope is not aware of any public disclosure and exploitation of this vulnerability at the time of publication.\u00a0\n\n" + } + ], + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Netskope has patched the vulnerability and released a binary with a fix. Customers are recommended to upgrade their Netskope clients to v100 or later. Netskope download Instructions \u2013 Download Netskope Client and Scripts \u2013 Netskope Support
" + } + ], + "value": "Netskope has patched the vulnerability and released a binary with a fix. Customers are recommended to upgrade their Netskope clients to v100 or later. Netskope download Instructions \u2013 Download Netskope Client and Scripts \u2013 Netskope Support https://support.netskope.com/s/article/Download-Netskope-Client-and-Scripts \n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Netskope credits Dawson Medin from Mandiant for reporting this flaw." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/33xxx/CVE-2023-33009.json b/2023/33xxx/CVE-2023-33009.json index 60d14c611c3..a23b09d0f02 100644 --- a/2023/33xxx/CVE-2023-33009.json +++ b/2023/33xxx/CVE-2023-33009.json @@ -1,12 +1,33 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "security@zyxel.com.tw", "ID": "CVE-2023-33009", + "ASSIGNER": "security@zyxel.com.tw", "STATE": "PUBLIC" }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + "cweId": "CWE-120" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,7 +40,8 @@ "version": { "version_data": [ { - "version_value": "4.32 through 5.36 Patch 1" + "version_affected": "=", + "version_value": "4.60 through 5.36 Patch 1" } ] } @@ -29,7 +51,8 @@ "version": { "version_data": [ { - "version_value": "4.50 through 5.36 Patch 1" + "version_affected": "=", + "version_value": "4.60 through 5.36 Patch 1" } ] } @@ -39,7 +62,8 @@ "version": { "version_data": [ { - "version_value": "4.25 through 5.36 Patch 1" + "version_affected": "=", + "version_value": "4.60 through 5.36 Patch 1" } ] } @@ -49,7 +73,8 @@ "version": { "version_data": [ { - "version_value": "4.25 through 5.36 Patch 1" + "version_affected": "=", + "version_value": "4.60 through 5.36 Patch 1" } ] } @@ -59,7 +84,8 @@ "version": { "version_data": [ { - "version_value": "4.30 through 5.36 Patch 1" + "version_affected": "=", + "version_value": "4.60 through 5.36 Patch 1" } ] } @@ -69,7 +95,8 @@ "version": { "version_data": [ { - "version_value": "4.25 through 4.73 Patch 1" + "version_affected": "=", + "version_value": "4.60 through 4.73 Patch 1" } ] } @@ -80,39 +107,36 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" - } - ] - } - ] - }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "name": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls", - "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls" + "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls", + "refsource": "MISC", + "name": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls" } ] }, - "impact": { - "cvss": { - "baseScore": "9.8", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } + "generator": { + "engine": "Vulnogram 0.1.0-dev" }, - "description": { - "description_data": [ + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ { - "lang": "eng", - "value": "A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device." + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/3xxx/CVE-2023-3259.json b/2023/3xxx/CVE-2023-3259.json new file mode 100644 index 00000000000..b03207c2c58 --- /dev/null +++ b/2023/3xxx/CVE-2023-3259.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-3259", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/3xxx/CVE-2023-3260.json b/2023/3xxx/CVE-2023-3260.json new file mode 100644 index 00000000000..c428be6490d --- /dev/null +++ b/2023/3xxx/CVE-2023-3260.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-3260", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/3xxx/CVE-2023-3261.json b/2023/3xxx/CVE-2023-3261.json new file mode 100644 index 00000000000..88bad70e8f8 --- /dev/null +++ b/2023/3xxx/CVE-2023-3261.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-3261", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/3xxx/CVE-2023-3262.json b/2023/3xxx/CVE-2023-3262.json new file mode 100644 index 00000000000..02b2210de98 --- /dev/null +++ b/2023/3xxx/CVE-2023-3262.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-3262", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/3xxx/CVE-2023-3263.json b/2023/3xxx/CVE-2023-3263.json new file mode 100644 index 00000000000..86a66354dc0 --- /dev/null +++ b/2023/3xxx/CVE-2023-3263.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-3263", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/3xxx/CVE-2023-3264.json b/2023/3xxx/CVE-2023-3264.json new file mode 100644 index 00000000000..72c89596aba --- /dev/null +++ b/2023/3xxx/CVE-2023-3264.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-3264", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/3xxx/CVE-2023-3265.json b/2023/3xxx/CVE-2023-3265.json new file mode 100644 index 00000000000..4999a2d7f71 --- /dev/null +++ b/2023/3xxx/CVE-2023-3265.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-3265", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/3xxx/CVE-2023-3266.json b/2023/3xxx/CVE-2023-3266.json new file mode 100644 index 00000000000..169d3e4d190 --- /dev/null +++ b/2023/3xxx/CVE-2023-3266.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-3266", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/3xxx/CVE-2023-3267.json b/2023/3xxx/CVE-2023-3267.json new file mode 100644 index 00000000000..80af6c53a4d --- /dev/null +++ b/2023/3xxx/CVE-2023-3267.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-3267", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file