Lucene search

K
kasperskyKaspersky LabKLA61542
HistoryOct 19, 2023 - 12:00 a.m.

KLA61542 PE vulnerability in Microsoft Mariner

2023-10-1900:00:00
Kaspersky Lab
threats.kaspersky.com
9
elevation of privilege
microsoft mariner
cbl mariner 2.0
windows update
cve-2023-38039

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%

An elevation of privilege vulnerability was found in Microsoft Mariner. Malicious users can exploit this vulnerability to gain privileges.

Original advisories

CVE-2023-38039

Exploitation

Public exploits exist for this vulnerability.

Related products

CBL-Mariner-2.0

CVE list

CVE-2023-38039 critical

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

  • XSS/CSS

Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.

Affected Products

  • CBL Mariner 2.0 ARMCBL Mariner 2.0 x64

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%