Lucene search

GitHub_MCVELIST:CVE-2023-42463

HistoryJan 12, 2024 - 8:55 p.m.

CVE-2023-42463 wazuh-logcollector integer underflow local privilege escalation

2024-01-1220:55:53

CWE-121

GitHub_M

www.cve.org

wazuh threat prevention detection

bug

patched

v4.5.3

local privilege escalation

integer underflow

7.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

31.9%

JSON

Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3.

CNA Affected

[
  {
    "vendor": "wazuh",
    "product": "wazuh",
    "versions": [
      {
        "version": "< 4.5.3",
        "status": "affected"
      }
    ]
  }
]

References

github.com/wazuh/wazuh/security/advisories/GHSA-27p5-32pp-r58r

7.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

31.9%

JSON

Related for CVELIST:CVE-2023-42463