Lucene search

TrellixVULNRICHMENT:CVE-2024-0312

HistoryMar 14, 2024 - 9:08 a.m.

CVE-2024-0312

2024-03-1409:08:27

CWE-622

trellix

github.com

malicious insider

skyhigh client proxy

uninstall password

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.9

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

A malicious insider can uninstall Skyhigh Client Proxy without a valid uninstall password.

CNA Affected

[
  {
    "vendor": "Skyhigh",
    "product": "Skyhigh Client Proxy",
    "versions": [
      {
        "status": "affected",
        "version": "4.8.1"
      }
    ],
    "platforms": [
      "Windows"
    ],
    "defaultStatus": "unaffected"
  }
]

References

kcm.trellix.com/corporate/index?page=content&id=SB10418

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.9

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-0312