CVE-2023-43762 - Vulnerability Details - OpenCVE

Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.02277.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Withsecure	F-secure Policy Manager Policy Manager Proxy

Configuration 1 [-]

OR	cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:::::linux_kernel::
	cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:::::windows::
	cpe:2.3:a:withsecure:policy_manager_proxy:15.00:::::linux_kernel::
	cpe:2.3:a:withsecure:policy_manager_proxy:15.00:::::windows::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-48139	Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.withsecure.com/en/support/security-advisories
https://www.withsecure.com/en/support/security-advisories/cve-2023-43762
https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511

History

Wed, 25 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-09-22T00:00:00

Updated: 2024-09-25T15:55:58.498Z

Reserved: 2023-09-22T00:00:00

Link: CVE-2023-43762

Vulnrichment

Updated: 2024-08-02T19:52:10.970Z

NVD

Status : Modified

Published: 2023-09-22T05:15:09.530

Modified: 2024-11-21T08:24:44.153

Link: CVE-2023-43762

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-43762", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-25T15:55:58.498Z", "dateReserved": "2023-09-22T00:00:00", "datePublished": "2023-09-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-13T15:43:16.613902"}, "descriptions": [{"lang": "en", "value": "Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.withsecure.com/en/support/security-advisories"}, {"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511"}, {"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-43762"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:52:10.970Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.withsecure.com/en/support/security-advisories", "tags": ["x_transferred"]}, {"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511", "tags": ["x_transferred"]}, {"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-43762", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "withsecure", "product": "f-secure_policy_manager", "cpes": ["cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:*:*:*:*:linux_kernel:*:*"], "defaultStatus": "unknown", "versions": [{"version": "15.00", "status": "affected"}]}, {"vendor": "withsecure", "product": "f-secure_policy_manager", "cpes": ["cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:*:*:*:*:windows:*:*"], "defaultStatus": "unknown", "versions": [{"version": "15.00", "status": "affected"}]}, {"vendor": "withsecure", "product": "policy_manager_proxy", "cpes": ["cpe:2.3:a:withsecure:policy_manager_proxy:15.00:*:*:*:*:linux_kernel:*:*"], "defaultStatus": "unknown", "versions": [{"version": "15.00", "status": "affected"}]}, {"vendor": "withsecure", "product": "policy_manager_proxy", "cpes": ["cpe:2.3:a:withsecure:policy_manager_proxy:15.00:*:*:*:*:windows:*:*"], "defaultStatus": "unknown", "versions": [{"version": "15.00", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-25T15:16:41.660352Z", "id": "CVE-2023-43762", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T15:55:58.498Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.withsecure.com/en/support/security-advisories", "tags": ["x_transferred"]}, {"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511", "tags": ["x_transferred"]}, {"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-43762", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:52:10.970Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-43762", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-25T15:16:41.660352Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:*:*:*:*:linux_kernel:*:*"], "vendor": "withsecure", "product": "f-secure_policy_manager", "versions": [{"status": "affected", "version": "15.00"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:*:*:*:*:windows:*:*"], "vendor": "withsecure", "product": "f-secure_policy_manager", "versions": [{"status": "affected", "version": "15.00"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:withsecure:policy_manager_proxy:15.00:*:*:*:*:linux_kernel:*:*"], "vendor": "withsecure", "product": "policy_manager_proxy", "versions": [{"status": "affected", "version": "15.00"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:withsecure:policy_manager_proxy:15.00:*:*:*:*:windows:*:*"], "vendor": "withsecure", "product": "policy_manager_proxy", "versions": [{"status": "affected", "version": "15.00"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T15:54:11.412Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.withsecure.com/en/support/security-advisories"}, {"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511"}, {"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-43762"}], "descriptions": [{"lang": "en", "value": "Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-13T15:43:16.613902"}}}, "cveMetadata": {"cveId": "CVE-2023-43762", "state": "PUBLISHED", "dateUpdated": "2024-09-25T15:55:58.498Z", "dateReserved": "2023-09-22T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-09-22T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:*:*:*:*:linux_kernel:*:*", "matchCriteriaId": "3D9F1F8D-83A9-45F3-8663-C74C01680DEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:*:*:*:*:windows:*:*", "matchCriteriaId": "B9339090-9BBC-42D7-8754-A450AB7F51E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:withsecure:policy_manager_proxy:15.00:*:*:*:*:linux_kernel:*:*", "matchCriteriaId": "FAF05F1B-0F21-45E4-B5D6-16E70F60B65F", "vulnerable": true}, {"criteria": "cpe:2.3:a:withsecure:policy_manager_proxy:15.00:*:*:*:*:windows:*:*", "matchCriteriaId": "7CD6A445-7C2D-43DE-89DC-9B98EB4835FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15."}, {"lang": "es", "value": "Ciertos productos WithSecure permiten la Ejecuci\u00f3n Remota de C\u00f3digo No Autenticado a trav\u00e9s del servidor web (backend). Esto afecta a WithSecure Policy Manager 15 y Policy Manager Proxy 15."}], "id": "CVE-2023-43762", "lastModified": "2024-11-21T08:24:44.153", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-09-22T05:15:09.530", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.withsecure.com/en/support/security-advisories"}, {"source": "cve@mitre.org", "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-43762"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.withsecure.com/en/support/security-advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-43762"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}