Lucene search

Kaspersky LabKLA48959

HistoryApr 14, 2023 - 12:00 a.m.

KLA48959 SB vulnerability in Microsoft System Center

2023-04-1400:00:00

Kaspersky Lab

threats.kaspersky.com

microsoft system center

security bypass

vulnerability

malicious users

updates

windows defender

cve-2023-24934

high severity

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

42.4%

JSON

A security feature bypass vulnerability was found in Microsoft System Center. Malicious users can exploit this vulnerability to bypass security restrictions.

Original advisories

CVE-2023-24934

Related products

Windows-Defender

CVE list

CVE-2023-24934 high

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

Microsoft Malware Protection Engine

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24934

statistics.securelist.com/

threats.kaspersky.com/en/product/Windows-Defender/

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

42.4%

JSON

Related for KLA48959