Lucene search

GoogleOSV:CVE-2023-42463

HistoryJan 12, 2024 - 9:15 p.m.

CVE-2023-42463

2024-01-1221:15:09

Google

osv.dev

wazuh threat prevention detection response vulnerability privilege escalation stack overflow patch

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.9%

JSON

Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3.

CPENameOperatorVersion
wazuheq3.9.3
wazuheq4.2.2
wazuheq3.11.3
wazuheq3.0.0
wazuheq4.1.2
wazuheq3.12.1
wazuheq4.3.5
wazuheq4.4.2
wazuheq4.3.10
wazuheq3.13.5

Name	Operator	Version
wazuh	eq	3.9.3
wazuh	eq	4.2.2
wazuh	eq	3.11.3
wazuh	eq	3.0.0
wazuh	eq	4.1.2
wazuh	eq	3.12.1
wazuh	eq	4.3.5
wazuh	eq	4.4.2
wazuh	eq	4.3.10
wazuh	eq	3.13.5

Rows per page:

1-10 of 941

References

github.com/wazuh/wazuh/security/advisories/GHSA-27p5-32pp-r58r

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.9%

JSON

Related for OSV:CVE-2023-42463