Lucene search

[email protected]NVD:CVE-2023-42463

HistoryJan 12, 2024 - 9:15 p.m.

CVE-2023-42463

2024-01-1221:15:09

CWE-121

[email protected]

web.nvd.nist.gov

wazuh

open source

threat prevention

stack overflow

local privilege escalation

vulnerability

patched

version 4.5.3

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.7%

JSON

Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3.

Affected configurations

Nvd

Node

wazuhwazuhRange<4.5.3

VendorProductVersionCPE
wazuhwazuh*cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wazuh	wazuh	*	cpe:2.3:a:wazuh:wazuh::::::::

References

github.com/wazuh/wazuh/security/advisories/GHSA-27p5-32pp-r58r

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.7%

JSON

Related for NVD:CVE-2023-42463

prion1 cvelist1 zdi1 osv1 cve1