{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20084", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2022-10-27T18:47:50.334Z", "datePublished": "2023-11-22T17:09:38.783Z", "dateUpdated": "2024-08-02T08:57:35.892Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:57:42.470Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled."}], "affected": [{"vendor": "Cisco", "product": "Cisco Secure Endpoint", "versions": [{"version": "6.0.9", "status": "affected"}, {"version": "6.0.7", "status": "affected"}, {"version": "6.1.5", "status": "affected"}, {"version": "6.1.7", "status": "affected"}, {"version": "6.1.9", "status": "affected"}, {"version": "6.2.1", "status": "affected"}, {"version": "6.2.5", "status": "affected"}, {"version": "6.2.19", "status": "affected"}, {"version": "6.2.3", "status": "affected"}, {"version": "6.2.9", "status": "affected"}, {"version": "6.3.5", "status": "affected"}, {"version": "6.3.1", "status": "affected"}, {"version": "6.3.7", "status": "affected"}, {"version": "6.3.3", "status": "affected"}, {"version": "7.0.5", "status": "affected"}, {"version": "7.1.1", "status": "affected"}, {"version": "7.1.5", "status": "affected"}, {"version": "7.2.13", "status": "affected"}, {"version": "7.2.7", "status": "affected"}, {"version": "7.2.3", "status": "affected"}, {"version": "7.2.11", "status": "affected"}, {"version": "7.2.5", "status": "affected"}, {"version": "7.3.1", "status": "affected"}, {"version": "7.3.9", "status": "affected"}, {"version": "7.3.3", "status": "affected"}, {"version": "7.3.5", "status": "affected"}, {"version": "8.1.7", "status": "affected"}, {"version": "8.1.5", "status": "affected"}, {"version": "8.1.3.21242", "status": "affected"}, {"version": "8.1.7.21512", "status": "affected"}, {"version": "8.1.3", "status": "affected"}, {"version": "8.1.5.21322", "status": "affected"}, {"version": "8.1.7.21417", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Incomplete Model of Endpoint Features", "type": "cwe", "cweId": "CWE-437"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd", "name": "cisco-sa-secure-endpoint-dos-RzOgFKnd"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-secure-endpoint-dos-RzOgFKnd", "discovery": "EXTERNAL", "defects": ["CSCwh78740"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:35.892Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd", "name": "cisco-sa-secure-endpoint-dos-RzOgFKnd", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_endpoint:-:*:*:*:*:windows:*:*", "matchCriteriaId": "73BBFC84-0CBF-4A1A-BC85-58743828CB8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.0.7:*:*:*:*:windows:*:*", "matchCriteriaId": "9CBD2020-8CEC-4803-B8D0-8B8C051E3A17", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.0.9:*:*:*:*:windows:*:*", "matchCriteriaId": "F61FA930-DE23-4BA5-B854-5E672534B14D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.1.5:*:*:*:*:windows:*:*", "matchCriteriaId": "0DB04EC8-AE2F-4186-B9C1-C36CA7B639AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.1.7:*:*:*:*:windows:*:*", "matchCriteriaId": "D6D13A24-5CE0-44CD-A6FC-E0656C5FC99A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.1.9:*:*:*:*:windows:*:*", "matchCriteriaId": "994F00AC-6728-455E-A785-65BBBE20C7CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.2.1:*:*:*:*:windows:*:*", "matchCriteriaId": "18C64C5D-0100-4350-9784-90A214CD6A7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.2.3:*:*:*:*:windows:*:*", "matchCriteriaId": "6C4D34D1-809E-4910-A23A-10DF0C1A6997", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.2.5:*:*:*:*:windows:*:*", "matchCriteriaId": "C373761A-45AD-49E7-BF7E-27B7043A2769", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.2.9:*:*:*:*:windows:*:*", "matchCriteriaId": "C8A3A132-D202-4E5D-B9C1-DAF2916008FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.2.19:*:*:*:*:windows:*:*", "matchCriteriaId": "A4E9E097-45BA-4009-AD4E-D8182E6068FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.3.1:*:*:*:*:windows:*:*", "matchCriteriaId": "42A92525-2605-455D-93A9-E4AF1995CCB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.3.3:*:*:*:*:windows:*:*", "matchCriteriaId": "10C46D21-DA26-46C6-9C1E-69A51D076210", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.3.5:*:*:*:*:windows:*:*", "matchCriteriaId": "7B56C363-A5B8-4F91-8414-4271D83E997D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:6.3.7:*:*:*:*:windows:*:*", "matchCriteriaId": "6615CB6A-6B26-4F16-BC9B-6E8DB80B0DC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.0.5:*:*:*:*:windows:*:*", "matchCriteriaId": "AF8AF3D2-0507-470E-B8EA-45D2427FAA58", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.1.1:*:*:*:*:windows:*:*", "matchCriteriaId": "AB6D5375-A4F4-4B24-B377-AE8DDA898F2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.1.5:*:*:*:*:windows:*:*", "matchCriteriaId": "160F070E-CB81-4DA6-88D1-A01639B8D9D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.2.3:*:*:*:*:windows:*:*", "matchCriteriaId": "879BF746-BF6F-4E19-9543-06DB4190F3B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.2.5:*:*:*:*:windows:*:*", "matchCriteriaId": "3DCD32D3-5F52-45AC-952F-AED1DE87FDFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.2.7:*:*:*:*:windows:*:*", "matchCriteriaId": "4E9E10B5-D259-4E9D-8688-3A48970FC28A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.2.11:*:*:*:*:windows:*:*", "matchCriteriaId": "BE6734FD-FD35-4BD9-AE25-DA01D6B985E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.2.13:*:*:*:*:windows:*:*", "matchCriteriaId": "3C013C0C-C5E5-43A3-BFAB-7B92A86C6620", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.3.1:*:*:*:*:windows:*:*", "matchCriteriaId": "0CA4FD17-D6EE-4DBE-9F29-39D7AC67F6E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.3.3:*:*:*:*:windows:*:*", "matchCriteriaId": "E56295B4-219E-41FA-843C-A271DFC2D167", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.3.5:*:*:*:*:windows:*:*", "matchCriteriaId": "60B7C0C9-401D-4658-A683-22300A0007B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:7.3.9:*:*:*:*:windows:*:*", "matchCriteriaId": "1796BB1E-C26E-4394-A8C9-55D27A08367D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.3:*:*:*:*:windows:*:*", "matchCriteriaId": "D427238E-BFDC-4567-BAF8-C2DC5DDB3F6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.3.21242:*:*:*:*:windows:*:*", "matchCriteriaId": "C5309996-3287-4844-A116-12EFE751DB50", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.5:*:*:*:*:windows:*:*", "matchCriteriaId": "53C0527C-79BB-4954-970F-04A06FBD13E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.5.21322:*:*:*:*:windows:*:*", "matchCriteriaId": "94EFBC3A-9EA8-4922-BAB2-BA4AE6CC5287", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.7:*:*:*:*:windows:*:*", "matchCriteriaId": "A9B45180-615C-40D4-A726-0B19EEEC1052", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.7.21417:*:*:*:*:windows:*:*", "matchCriteriaId": "65D971B4-FC73-458C-80AA-A3EA0BB7DFD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:8.1.7.21512:*:*:*:*:windows:*:*", "matchCriteriaId": "0CE68809-1B04-4C6D-AE6D-2AB8AE76DC5F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "35AC2B5C-975C-47E3-BC8B-AFFBBE59ED6F", "versionEndExcluding": "4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled."}, {"lang": "es", "value": "Una vulnerabilidad en el software de endpoint de Cisco Secure Endpoint para Windows podr\u00eda permitir que un atacante local autenticado evada la protecci\u00f3n del endpoint dentro de un per\u00edodo de tiempo limitado. Esta vulnerabilidad se debe a un problema de sincronizaci\u00f3n que ocurre entre varios componentes de software. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario para que coloque un archivo malicioso en una carpeta espec\u00edfica y luego persuadi\u00e9ndolo para que ejecute el archivo dentro de un per\u00edodo de tiempo limitado. Un exploit exitoso podr\u00eda permitir al atacante hacer que el software del terminal no ponga en cuarentena el archivo malicioso o finalice su proceso. Nota: Esta vulnerabilidad solo se aplica a implementaciones que tienen habilitada la funci\u00f3n Redirecci\u00f3n de carpetas de Windows."}], "id": "CVE-2023-20084", "lastModified": "2024-11-21T07:40:31.210", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-22T17:15:18.317", "references": [{"source": "ykramarz@cisco.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-437"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}