Lucene search

K
cveMitreCVE-2023-26236
HistoryOct 05, 2023 - 1:15 a.m.

CVE-2023-26236

2023-10-0501:15:10
mitre
web.nvd.nist.gov
18
watchguard
epdr
8.0.21.0002
local privilege escalation
windows
cve-2023-26236
nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0

Percentile

5.1%

An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe.

Affected configurations

Nvd
Node
watchguardeppMatch-
AND
watchguardepp_firmwareRange<8.00.22.0010
Node
watchguardedrMatch-
AND
watchguardedr_firmwareRange<8.00.22.0010
Node
watchguardepdrMatch-
AND
watchguardepdr_firmwareRange<8.00.22.0010
Node
watchguardpanda_ad360Match-
AND
watchguardpanda_ad360_firmwareRange<8.00.22.0010
VendorProductVersionCPE
watchguardepp-cpe:2.3:h:watchguard:epp:-:*:*:*:*:*:*:*
watchguardepp_firmware*cpe:2.3:o:watchguard:epp_firmware:*:*:*:*:*:*:*:*
watchguardedr-cpe:2.3:h:watchguard:edr:-:*:*:*:*:*:*:*
watchguardedr_firmware*cpe:2.3:o:watchguard:edr_firmware:*:*:*:*:*:*:*:*
watchguardepdr-cpe:2.3:h:watchguard:epdr:-:*:*:*:*:*:*:*
watchguardepdr_firmware*cpe:2.3:o:watchguard:epdr_firmware:*:*:*:*:*:*:*:*
watchguardpanda_ad360-cpe:2.3:h:watchguard:panda_ad360:-:*:*:*:*:*:*:*
watchguardpanda_ad360_firmware*cpe:2.3:o:watchguard:panda_ad360_firmware:*:*:*:*:*:*:*:*

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0

Percentile

5.1%

Related for CVE-2023-26236