Lucene search

ProofpointCVELIST:CVE-2023-2820

HistoryJun 14, 2023 - 9:26 p.m.

CVE-2023-2820

2023-06-1421:26:31

CWE-200

Proofpoint

www.cve.org

information disclosure

faye endpoint

proofpoint threat response

threat response auto-pull

man-in-the-middle

cryptanalysis

integrated services

credentials

impersonation

vulnerability

security

version 5.10.0

CVSS3

6.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

22.1%

JSON

An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic. An attacker could use these credentials to impersonate PTR/TRAP to these services. All versions prior to 5.10.0 are affected.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Threat Response Auto Pull",
    "vendor": "Proofpoint",
    "versions": [
      {
        "lessThan": "5.10.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.proofpoint.com/security/security-advisories/pfpt-sa-2023-0003

CVSS3

6.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

22.1%

JSON

Related for CVELIST:CVE-2023-2820