Headline
CVE-2023-26077: GitHub - mandiant/Vulnerability-Disclosures
Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions.
Skip to content
Sign up
Actions
Automate any workflow
Packages
Host and manage packages
Security
Find and fix vulnerabilities
Codespaces
Instant dev environments
Copilot
Write better code with AI
Code review
Manage code changes
Issues
Plan and track work
Discussions
Collaborate outside of code
Explore
* All features
* Documentation
* GitHub Skills
* Blog
For
- Enterprise
- Teams
- Startups
- Education
By Solution
- CI/CD & Automation
- DevOps
- DevSecOps
Resources
- Customer Stories
- White papers, Ebooks, Webinars
- Partners
GitHub Sponsors
Fund open source developers
* The ReadME Project
GitHub community articles
Repositories
* Topics
* Trending
* Collections
- Pricing
Search code, repositories, users, issues, pull requests…
Provide feedback
We read every piece of feedback, and take your input very seriously.
Include my email address so I can be contacted
Saved searches****Use saved searches to filter your results more quickly
Sign in
Sign up
mandiant / Vulnerability-Disclosures Public
- Notifications
- Fork 51
- Star 146
146 stars 51 forks Activity
Star
Notifications
- Code
- Issues 3
- Pull requests
- Actions
- Projects
- Security
- Insights
More
master
Switch branches/tags
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code
Clone
Use Git or checkout with SVN using the web URL.
Open with GitHub Desktop
Download ZIP
Latest commit
Aaron Carreras Add Atera CVE-2023-26077 and CVE-2023-26078 for Andrew Oliveau.
79876c5
Jul 24, 2023
Add Atera CVE-2023-26077 and CVE-2023-26078 for Andrew Oliveau.
79876c5
Git stats
- 134 commits
FilesPermalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
2022
2023
FEYE-2019-0001
FEYE-2019-0002
FEYE-2019-0003
FEYE-2019-0004
FEYE-2019-0005
FEYE-2019-0006
FEYE-2019-0007
FEYE-2019-0008
FEYE-2019-0009
FEYE-2019-0010
FEYE-2019-0011
FEYE-2019-0012
FEYE-2019-0013
FEYE-2019-0014
FEYE-2019-0015
FEYE-2020-0001
FEYE-2020-0002
FEYE-2020-0003
FEYE-2020-0004
FEYE-2020-0005
FEYE-2020-0006
FEYE-2020-0007
FEYE-2020-0008
FEYE-2020-0009
FEYE-2020-0010
FEYE-2020-0011
FEYE-2020-0012
FEYE-2020-0013
FEYE-2020-0014
FEYE-2020-0015
FEYE-2020-0016
FEYE-2020-0017
FEYE-2020-0018
FEYE-2020-0019
FEYE-2020-0020
FEYE-2021-0001
FEYE-2021-0002
FEYE-2021-0003
FEYE-2021-0004
FEYE-2021-0005
FEYE-2021-0006
FEYE-2021-0007
FEYE-2021-0008
FEYE-2021-0009
FEYE-2021-0010
FEYE-2021-0011
FEYE-2021-0012
FEYE-2021-0013
FEYE-2021-0014
FEYE-2021-0015
FEYE-2021-0016
FEYE-2021-0017
FEYE-2021-0018
FEYE-2021-0019
FEYE-2021-0020
FEYE-2021-0021
FEYE-2021-0022
FEYE-2021-0023
FEYE-2021-0024
FEYE-2021-0025
MNDT-2021-0001
MNDT-2021-0002
MNDT-2021-0003
MNDT-2021-0004
MNDT-2021-0005
MNDT-2021-0006
MNDT-2021-0007
MNDT-2021-0008
MNDT-2021-0009
MNDT-2021-0010
MNDT-2021-0011
MNDT-2021-0012
README.md
README.md
Mandiant Vulnerability Disclosures
This repository details vulnerabilities disclosed by Mandiant. These vulnerabilities were discovered by internal research, through Red Team assessments, or in use in the wild. Proof of concepts (PoCs) may or may not be provided.
The following licenses/licensing apply to this Mandiant repository:
- CC BY-SA 4.0 - For CVE related information not including source code (such as PoCs)
- MIT - For source code contained within provided CVE information
Mandiant coordinates and handles Vulnerability Disclosures in accordance with Google’s Vulnerability Disclosure Policy.
About
No description, website, or topics provided.
Resources
Readme
Activity
Stars
146 stars
Watchers
26 watching
Forks
51 forks
Report repository
Releases
No releases published
Packages
No packages published
Contributors 4
- RonnieSalomonsen Ronnie Salomonsen
- aaronc100 Aaron Carreras
- attritionorg Jericho
- ziadhany ziad hany
Languages
- C++ 100.0%
Related news
Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs.
Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.9 released by Atera on April 17, 2023, and
Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.9 released by Atera on April 17, 2023, and