Lucene search

MitreCVE-2023-29145

HistoryJun 30, 2023 - 8:15 p.m.

CVE-2023-29145

2023-06-3020:15:09

mitre

web.nvd.nist.gov

malwarebytes

edr

linux

cve-2023-29145

security

vulnerability

arbitrary code execution

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

5.1%

JSON

The Malwarebytes EDR 1.0.11 for Linux driver doesn’t properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.

Affected configurations

Nvd

Node

malwarebytesendpoint_detection_and_responseRange≤1.0.11linux

malwarebytesmalwarebytesRange≤1.0.14linux

VendorProductVersionCPE
malwarebytesendpoint_detection_and_response*cpe:2.3:a:malwarebytes:endpoint_detection_and_response:*:*:*:*:*:linux:*:*
malwarebytesmalwarebytes*cpe:2.3:a:malwarebytes:malwarebytes:*:*:*:*:*:linux:*:*

Vendor	Product	Version	CPE
malwarebytes	endpoint_detection_and_response	*	cpe:2.3:a:malwarebytes:endpoint_detection_and_response::::::linux::*
malwarebytes	malwarebytes	*	cpe:2.3:a:malwarebytes:malwarebytes::::::linux::*

References

malwarebytes.com

www.malwarebytes.com/secure/cves/cve-2023-29145

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-29145