CVE-2023-28142 - Vulnerability Details - OpenCVE

A Race Condition exists in the Qualys Cloud Agent for Windows
platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to
escalate privileges limited on the local machine during uninstallation of the
Qualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on
that asset to run arbitrary commands.

At the time of this disclosure, versions before 4.0 are classified as End
of Life.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00061.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Qualys	Cloud Agent

Configuration 1 [-]

cpe:2.3:a:qualys:cloud_agent:*:*:*:*:*:windows:*:*

No data.

No data.

References

Link	Providers
https://www.qualys.com/security-advisories/

History

Tue, 04 Mar 2025 03:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Qualys

Published: 2023-04-18T15:51:58.344Z

Updated: 2025-03-03T19:22:08.808Z

Reserved: 2023-03-10T21:23:28.797Z

Link: CVE-2023-28142

Vulnrichment

Updated: 2024-08-02T12:30:24.555Z

NVD

Status : Modified

Published: 2023-04-18T16:15:09.153

Modified: 2024-11-21T07:54:28.780

Link: CVE-2023-28142

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28142", "assignerOrgId": "8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda", "state": "PUBLISHED", "assignerShortName": "Qualys", "dateReserved": "2023-03-10T21:23:28.797Z", "datePublished": "2023-04-18T15:51:58.344Z", "dateUpdated": "2025-03-03T19:22:08.808Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Cloud Agent", "vendor": "Qualys", "versions": [{"lessThan": "4.5.3.1", "status": "affected", "version": " 3.1.3.34", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lockheed Martin Red Team"}], "datePublic": "2023-04-18T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p></p><p>A Race Condition exists in the Qualys Cloud Agent for Windows\nplatform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to\nescalate privileges limited on the local machine during uninstallation of the\nQualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on\nthat asset to run arbitrary commands.<br>\n<br>\nAt the time of this disclosure, versions before 4.0 are classified as End\nof Life.</p>\n\n\n\n\n\n<br><p></p>\n\n\n\n\n\n"}], "value": "\nA Race Condition exists in the Qualys Cloud Agent for Windows\nplatform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to\nescalate privileges limited on the local machine during uninstallation of the\nQualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on\nthat asset to run arbitrary commands.\n\n\n\nAt the time of this disclosure, versions before 4.0 are classified as End\nof Life.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Proof of Concept"}], "value": "Proof of Concept"}], "impacts": [{"capecId": "CAPEC-26", "descriptions": [{"lang": "en", "value": "CAPEC-26 Leveraging Race Conditions"}]}, {"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda", "shortName": "Qualys", "dateUpdated": "2023-04-18T15:51:58.344Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.qualys.com/security-advisories/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to version 4.5.3.1 of the Qualys Cloud Agent for Windows"}], "value": "Upgrade to version\u00a04.5.3.1 of the Qualys Cloud Agent for Windows"}], "source": {"discovery": "EXTERNAL"}, "title": "Race Condition", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:30:24.555Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.qualys.com/security-advisories/"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-10T19:52:01.326887Z", "id": "CVE-2023-28142", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-03T19:22:08.808Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28142", "assignerOrgId": "8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda", "state": "PUBLISHED", "assignerShortName": "Qualys", "dateReserved": "2023-03-10T21:23:28.797Z", "datePublished": "2023-04-18T15:51:58.344Z", "dateUpdated": "2025-03-03T19:22:08.808Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Cloud Agent", "vendor": "Qualys", "versions": [{"lessThan": "4.5.3.1", "status": "affected", "version": " 3.1.3.34", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lockheed Martin Red Team"}], "datePublic": "2023-04-18T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p></p><p>A Race Condition exists in the Qualys Cloud Agent for Windows\nplatform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to\nescalate privileges limited on the local machine during uninstallation of the\nQualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on\nthat asset to run arbitrary commands.<br>\n<br>\nAt the time of this disclosure, versions before 4.0 are classified as End\nof Life.</p>\n\n\n\n\n\n<br><p></p>\n\n\n\n\n\n"}], "value": "\nA Race Condition exists in the Qualys Cloud Agent for Windows\nplatform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to\nescalate privileges limited on the local machine during uninstallation of the\nQualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on\nthat asset to run arbitrary commands.\n\n\n\nAt the time of this disclosure, versions before 4.0 are classified as End\nof Life.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Proof of Concept"}], "value": "Proof of Concept"}], "impacts": [{"capecId": "CAPEC-26", "descriptions": [{"lang": "en", "value": "CAPEC-26 Leveraging Race Conditions"}]}, {"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8a309ac4-d8c7-4735-9c1d-ca39c5dfbcda", "shortName": "Qualys", "dateUpdated": "2023-04-18T15:51:58.344Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.qualys.com/security-advisories/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to version 4.5.3.1 of the Qualys Cloud Agent for Windows"}], "value": "Upgrade to version\u00a04.5.3.1 of the Qualys Cloud Agent for Windows"}], "source": {"discovery": "EXTERNAL"}, "title": "Race Condition", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:30:24.555Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.qualys.com/security-advisories/"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28142", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-10T19:52:01.326887Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-03T19:22:03.385Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qualys:cloud_agent:*:*:*:*:*:windows:*:*", "matchCriteriaId": "A3C649A1-257A-441A-A11B-33208739DABD", "versionEndExcluding": "4.5.3.1", "versionStartIncluding": "3.1.3.34", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nA Race Condition exists in the Qualys Cloud Agent for Windows\nplatform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to\nescalate privileges limited on the local machine during uninstallation of the\nQualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on\nthat asset to run arbitrary commands.\n\n\n\nAt the time of this disclosure, versions before 4.0 are classified as End\nof Life.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"}], "id": "CVE-2023-28142", "lastModified": "2024-11-21T07:54:28.780", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "bugreport@qualys.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-18T16:15:09.153", "references": [{"source": "bugreport@qualys.com", "tags": ["Vendor Advisory"], "url": "https://www.qualys.com/security-advisories/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.qualys.com/security-advisories/"}], "sourceIdentifier": "bugreport@qualys.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "bugreport@qualys.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}