Lucene search

[email protected]NVD:CVE-2023-2820

HistoryJun 14, 2023 - 10:15 p.m.

CVE-2023-2820

2023-06-1422:15:09

CWE-200

CWE-668

[email protected]

web.nvd.nist.gov

cve-2023-2820

integrated services

man-in-the-middle

cryptanalysis

credentials

impersonate

proofpoint threat response

adjacent network

version 5.10.0

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

22.1%

JSON

An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic. An attacker could use these credentials to impersonate PTR/TRAP to these services. All versions prior to 5.10.0 are affected.

Affected configurations

Nvd

Node

proofpointthreat_response_auto_pullRange<5.10.0

VendorProductVersionCPE
proofpointthreat_response_auto_pull*cpe:2.3:a:proofpoint:threat_response_auto_pull:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
proofpoint	threat_response_auto_pull	*	cpe:2.3:a:proofpoint:threat_response_auto_pull::::::::

References

www.proofpoint.com/security/security-advisories/pfpt-sa-2023-0003

CVSS3

6.8

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

22.1%

JSON

Related for NVD:CVE-2023-2820

cve1 cvelist1 prion1