CVE-2023-35800: SES Evolution superfluous agent directory ACL entry (CVE-2023-35800)
Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators.
Advisory ID: STORM-2023-021
CVE Number: CVE-2023-35800
Date discovered: 06/14/2023
Severity: low
Advisory revision: v1
Vulnerability details
An ACL entry on an SES Evolution agent directory is too permissive.
Impacted products
Products: Stormshield Endpoint Security
Severity: low
Detail: SES is impacted
Revisions
Version: v1
Date:
Description: Initial release
Stormshield Endpoint Security
**CVSS v3.1 Overall Score: 2.4**
Analysis
An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators if agent self-protection has previously been deactivated.
Impacted version
- SES 2.0.0 to 2.4.2
Workaround solution
The vulnerability can be mitigated by disabling maintenance mode and challenges on SES Evolution agents, and preventing non-administrator users from booting in safe mode in the system configuration, so that the agent self-protection cannot be deactivated.
Solution
The 2.4.3 update fixes this vulnerability.
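One way to check a host for the kind of ACL entry described above, as an added example that is not Stormshield's code. The advisory does not publish the directory path, so `-Path` is a placeholder you supply, and the set of well-known SIDs treated as covering "interactive users" is an assumption.

```powershell
# Added example: list allow ACEs that let broad, non-administrator principals
# read a directory. -Path is a placeholder for the agent log directory on your
# installation; the advisory does not name it.
param(
    [Parameter(Mandatory)]
    [string]$Path
)

# Well-known SIDs that include ordinary interactively logged-on users
# (assumed set; adjust to your own policy).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-4'      = 'NT AUTHORITY\INTERACTIVE'
    'S-1-5-11'     = 'NT AUTHORITY\Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

$acl = Get-Acl -LiteralPath $Path
# Ask for SIDs rather than names so the match does not depend on OS language.
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$findings = foreach ($ace in $rules) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $sid = $ace.IdentityReference.Value
    if (-not $broadSids.ContainsKey($sid)) { continue }

    # Read access can appear as the specific ReadData/ListDirectory bit (0x1)
    # or as a generic right (GENERIC_READ 0x80000000, GENERIC_ALL 0x10000000),
    # which Get-Acl returns unmapped on some inherit-only entries.
    $raw = [int]$ace.FileSystemRights
    $canRead = ($raw -band 0x1) -or ($raw -band 0x80000000) -or ($raw -band 0x10000000)
    if ($canRead) {
        [pscustomobject]@{
            Principal   = $broadSids[$sid]
            Rights      = $ace.FileSystemRights
            Inherited   = $ace.IsInherited
            Inheritance = $ace.InheritanceFlags
            Propagation = $ace.PropagationFlags
        }
    }
}

if ($findings) {
    Write-Warning "Broad read access found on $Path"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No allow ACE grants read access to the listed principals on $Path"
}
```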
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: None
Availability Impact: None
CVSS Base score: 3.3
CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Exploit Code Maturity: Proof of concept code
Remediation Level: Official fix
Report Confidence: Confirmed
CVSS Temporal score: 3
CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C)
Confidentiality Requirement: Low
Integrity Requirement: Low
Availability Requirement: Low
CVSS Environmental score: 2.4
CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)