{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28143", "assignerOrgId": "8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda", "state": "PUBLISHED", "assignerShortName": "Qualys", "dateReserved": "2023-03-10T21:23:28.797Z", "datePublished": "2023-04-18T15:54:16.031Z", "dateUpdated": "2025-02-05T20:25:58.551Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MacOS"], "product": "Cloud Agent", "vendor": "Qualys", "versions": [{"lessThan": "3.7", "status": "affected", "version": "2.5.1-75", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Lockheed Martin Red Team"}], "datePublic": "2023-04-18T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p></p><p>Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7)\ninstaller allows a local escalation of privilege bounded only to the time of\ninstallation and only on older macOSX (macOS 10.15 and older) versions.\nAttackers may exploit incorrect file permissions to give them ROOT command\nexecution privileges on the host. During the install of the PKG, a step in the\nprocess involves extracting the package and copying files to several\ndirectories. Attackers may gain writable access to files during the install of\nPKG when extraction of the package and copying files to several directories,\nenabling a local escalation of privilege.</p>\n\n\n\n\n\n<p></p>"}], "value": "\nQualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7)\ninstaller allows a local escalation of privilege bounded only to the time of\ninstallation and only on older macOSX (macOS 10.15 and older) versions.\nAttackers may exploit incorrect file permissions to give them ROOT command\nexecution privileges on the host. During the install of the PKG, a step in the\nprocess involves extracting the package and copying files to several\ndirectories. Attackers may gain writable access to files during the install of\nPKG when extraction of the package and copying files to several directories,\nenabling a local escalation of privilege.\n\n\n\n\n\n\n\n\n\n"}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Proof of Concept"}], "value": "Proof of Concept"}], "impacts": [{"capecId": "CAPEC-30", "descriptions": [{"lang": "en", "value": "CAPEC-30 Hijacking a Privileged Thread of Execution"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-426", "description": "CWE-426 Untrusted Search Path", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda", "shortName": "Qualys", "dateUpdated": "2023-04-18T15:54:16.031Z"}, "references": [{"url": "https://qualys.com/security-advisories"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Upgrade to v3.7 for Qualys\nCloud Agent for MacOS.</p>\n\n\n\n\n\n<br>"}], "value": "Upgrade to v3.7 for Qualys\nCloud Agent for MacOS.\n\n\n\n\n\n\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Local Privilege Escalation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:30:24.348Z"}, "title": "CVE Program Container", "references": [{"url": "https://qualys.com/security-advisories", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-05T20:25:47.361002Z", "id": "CVE-2023-28143", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T20:25:58.551Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://qualys.com/security-advisories", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:30:24.348Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28143", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-05T20:25:47.361002Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T20:25:27.324Z"}}], "cna": {"title": "Local Privilege Escalation", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Lockheed Martin Red Team"}], "impacts": [{"capecId": "CAPEC-30", "descriptions": [{"lang": "en", "value": "CAPEC-30 Hijacking a Privileged Thread of Execution"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Qualys", "product": "Cloud Agent", "versions": [{"status": "affected", "version": "2.5.1-75", "lessThan": "3.7", "versionType": "custom"}], "platforms": ["MacOS"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Proof of Concept", "supportingMedia": [{"type": "text/html", "value": "Proof of Concept", "base64": false}]}], "solutions": [{"lang": "en", "value": "Upgrade to v3.7 for Qualys\nCloud Agent for MacOS.\n\n\n\n\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>Upgrade to v3.7 for Qualys\nCloud Agent for MacOS.</p>\n\n\n\n\n\n<br>", "base64": false}]}], "datePublic": "2023-04-18T16:00:00.000Z", "references": [{"url": "https://qualys.com/security-advisories"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nQualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7)\ninstaller allows a local escalation of privilege bounded only to the time of\ninstallation and only on older macOSX (macOS 10.15 and older) versions.\nAttackers may exploit incorrect file permissions to give them ROOT command\nexecution privileges on the host. During the install of the PKG, a step in the\nprocess involves extracting the package and copying files to several\ndirectories. Attackers may gain writable access to files during the install of\nPKG when extraction of the package and copying files to several directories,\nenabling a local escalation of privilege.\n\n\n\n\n\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<p></p><p>Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7)\ninstaller allows a local escalation of privilege bounded only to the time of\ninstallation and only on older macOSX (macOS 10.15 and older) versions.\nAttackers may exploit incorrect file permissions to give them ROOT command\nexecution privileges on the host. During the install of the PKG, a step in the\nprocess involves extracting the package and copying files to several\ndirectories. Attackers may gain writable access to files during the install of\nPKG when extraction of the package and copying files to several directories,\nenabling a local escalation of privilege.</p>\n\n\n\n\n\n<p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-426", "description": "CWE-426 Untrusted Search Path"}]}], "providerMetadata": {"orgId": "8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda", "shortName": "Qualys", "dateUpdated": "2023-04-18T15:54:16.031Z"}}}, "cveMetadata": {"cveId": "CVE-2023-28143", "state": "PUBLISHED", "dateUpdated": "2025-02-05T20:25:58.551Z", "dateReserved": "2023-03-10T21:23:28.797Z", "assignerOrgId": "8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda", "datePublished": "2023-04-18T15:54:16.031Z", "assignerShortName": "Qualys"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qualys:cloud_agent:*:*:*:*:*:macos:*:*", "matchCriteriaId": "1FDE3FE5-9778-453F-A9EE-CC9978DEFEB2", "versionEndExcluding": "3.7", "versionStartIncluding": "2.5.1-75", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "22A86A9E-554E-48DD-A654-AC8AABED90FD", "versionEndIncluding": "10.15", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nQualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7)\ninstaller allows a local escalation of privilege bounded only to the time of\ninstallation and only on older macOSX (macOS 10.15 and older) versions.\nAttackers may exploit incorrect file permissions to give them ROOT command\nexecution privileges on the host. During the install of the PKG, a step in the\nprocess involves extracting the package and copying files to several\ndirectories. Attackers may gain writable access to files during the install of\nPKG when extraction of the package and copying files to several directories,\nenabling a local escalation of privilege.\n\n\n\n\n\n\n\n\n\n"}], "id": "CVE-2023-28143", "lastModified": "2024-11-21T07:54:28.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "bugreport@qualys.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-18T16:15:09.223", "references": [{"source": "bugreport@qualys.com", "tags": ["Vendor Advisory"], "url": "https://qualys.com/security-advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://qualys.com/security-advisories"}], "sourceIdentifier": "bugreport@qualys.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "bugreport@qualys.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-426"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}