Lucene search

[email protected]NVD:CVE-2023-26236

HistoryOct 05, 2023 - 1:15 a.m.

CVE-2023-26236

2023-10-0501:15:10

[email protected]

web.nvd.nist.gov

watchguard epdr

local privilege escalation

windows

named pipe

vulnerability

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe.

Affected configurations

Nvd

Node

watchguardeppMatch-

AND

watchguardepp_firmwareRange<8.00.22.0010

Node

watchguardedrMatch-

AND

watchguardedr_firmwareRange<8.00.22.0010

Node

watchguardepdrMatch-

AND

watchguardepdr_firmwareRange<8.00.22.0010

Node

watchguardpanda_ad360Match-

AND

watchguardpanda_ad360_firmwareRange<8.00.22.0010

VendorProductVersionCPE
watchguardepp-cpe:2.3:h:watchguard:epp:-:*:*:*:*:*:*:*
watchguardepp_firmware*cpe:2.3:o:watchguard:epp_firmware:*:*:*:*:*:*:*:*
watchguardedr-cpe:2.3:h:watchguard:edr:-:*:*:*:*:*:*:*
watchguardedr_firmware*cpe:2.3:o:watchguard:edr_firmware:*:*:*:*:*:*:*:*
watchguardepdr-cpe:2.3:h:watchguard:epdr:-:*:*:*:*:*:*:*
watchguardepdr_firmware*cpe:2.3:o:watchguard:epdr_firmware:*:*:*:*:*:*:*:*
watchguardpanda_ad360-cpe:2.3:h:watchguard:panda_ad360:-:*:*:*:*:*:*:*
watchguardpanda_ad360_firmware*cpe:2.3:o:watchguard:panda_ad360_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
watchguard	epp	-	cpe:2.3:h:watchguard:epp:-:::::::*
watchguard	epp_firmware	*	cpe:2.3:o:watchguard:epp_firmware::::::::
watchguard	edr	-	cpe:2.3:h:watchguard:edr:-:::::::*
watchguard	edr_firmware	*	cpe:2.3:o:watchguard:edr_firmware::::::::
watchguard	epdr	-	cpe:2.3:h:watchguard:epdr:-:::::::*
watchguard	epdr_firmware	*	cpe:2.3:o:watchguard:epdr_firmware::::::::
watchguard	panda_ad360	-	cpe:2.3:h:watchguard:panda_ad360:-:::::::*
watchguard	panda_ad360_firmware	*	cpe:2.3:o:watchguard:panda_ad360_firmware::::::::

References

www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00004

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-26236

prion1 cve1 cvelist1