Lucene search

[email protected]CVE-2023-29145

HistoryJun 30, 2023 - 8:15 p.m.

CVE-2023-29145

2023-06-3020:15:09

[email protected]

web.nvd.nist.gov

malwarebytes

edr

linux

cve-2023-29145

security

vulnerability

arbitrary code execution

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

The Malwarebytes EDR 1.0.11 for Linux driver doesn’t properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.

Affected configurations

NVD

Node

malwarebytesendpoint_detection_and_responseRange≤1.0.11linux

malwarebytesmalwarebytesRange≤1.0.14linux

CPENameOperatorVersion
malwarebytes:endpoint_detection_and_responsemalwarebytes endpoint detection and responsele1.0.11
malwarebytes:malwarebytesmalwarebytesle1.0.14

CPE	Name	Operator	Version
malwarebytes:endpoint_detection_and_response	malwarebytes endpoint detection and response	le	1.0.11
malwarebytes:malwarebytes	malwarebytes	le	1.0.14

References

malwarebytes.com

www.malwarebytes.com/secure/cves/cve-2023-29145

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2023-29145

prion1 nvd1 cvelist1