Lucene search

THA-PSIRTCVELIST:CVE-2023-2737

HistoryAug 16, 2023 - 3:45 p.m.

CVE-2023-2737 Improper securing of log directory may allow a denial of service

2023-08-1615:45:29

CWE-276

THA-PSIRT

www.cve.org

cve-2023-2737

safenet authentication service

windows

local privilege escalation

5.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "SafeNet Authtentication Service Agent",
    "vendor": "Thales",
    "versions": [
      {
        "lessThan": "3.6.1",
        "status": "affected",
        "version": "SafeNet Authentication Service Agent ",
        "versionType": "3.6.0"
      }
    ]
  }
]

References

supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=08f460ba47bba550c0e42e61e36d432f&sysparm_article=KB0027485

5.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

Related for CVELIST:CVE-2023-2737