OpenCVE

An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM Server. An attacker must first successfully obtain valid agent credentials and agent hostname. All versions prior to 7.14.3.69 are affected.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Proofpoint	Insider Threat Management Insider Threat Management Server

Configuration 1 [-]

cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0008
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-008

History

Tue, 24 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Proofpoint insider Threat Management Server
CPEs		cpe:2.3:a:proofpoint:insider_threat_management_server::::::::
Vendors & Products		Proofpoint insider Threat Management Server
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Proofpoint

Published: 2023-09-13T15:16:13.903Z

Updated: 2024-09-24T19:52:35.463Z

Reserved: 2023-09-07T21:55:26.257Z

Link: CVE-2023-4828

Vulnrichment

Updated: 2024-08-02T07:38:00.805Z

NVD

Status : Modified

Published: 2023-09-13T16:15:11.197

Modified: 2024-11-21T08:36:03.453

Link: CVE-2023-4828

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4828", "assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46", "state": "PUBLISHED", "assignerShortName": "Proofpoint", "dateReserved": "2023-09-07T21:55:26.257Z", "datePublished": "2023-09-13T15:16:13.903Z", "dateUpdated": "2024-09-24T19:52:35.463Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ITM Server", "vendor": "Proofpoint", "versions": [{"changes": [{"at": "7.14.3.69", "status": "unaffected"}], "lessThanOrEqual": "7.14.3", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2023-09-13T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM Server. An attacker must first successfully obtain valid agent credentials and agent hostname. All versions prior to 7.14.3.69 are affected."}], "value": "An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM Server. An attacker must first successfully obtain valid agent credentials and agent hostname. All versions prior to 7.14.3.69 are affected."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46", "shortName": "Proofpoint", "dateUpdated": "2023-10-13T21:50:46.186Z"}, "references": [{"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-008"}], "source": {"discovery": "UNKNOWN"}, "title": "ITM Server Communications Hijack", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:38:00.805Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-008", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "proofpoint", "product": "insider_threat_management_server", "cpes": ["cpe:2.3:a:proofpoint:insider_threat_management_server:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "7.14.3", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-24T19:36:23.827352Z", "id": "CVE-2023-4828", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T19:52:35.463Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-008", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:38:00.805Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4828", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-24T19:36:23.827352Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:proofpoint:insider_threat_management_server:*:*:*:*:*:*:*:*"], "vendor": "proofpoint", "product": "insider_threat_management_server", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "7.14.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T19:52:30.416Z"}}], "cna": {"title": "ITM Server Communications Hijack", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Proofpoint", "product": "ITM Server", "versions": [{"status": "affected", "changes": [{"at": "7.14.3.69", "status": "unaffected"}], "version": "0", "versionType": "semver", "lessThanOrEqual": "7.14.3"}], "defaultStatus": "unaffected"}], "datePublic": "2023-09-13T15:00:00.000Z", "references": [{"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-008"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM Server. An attacker must first successfully obtain valid agent credentials and agent hostname. All versions prior to 7.14.3.69 are affected.", "supportingMedia": [{"type": "text/html", "value": "An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM Server. An attacker must first successfully obtain valid agent credentials and agent hostname. All versions prior to 7.14.3.69 are affected.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions"}]}], "providerMetadata": {"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46", "shortName": "Proofpoint", "dateUpdated": "2023-10-13T21:50:46.186Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4828", "state": "PUBLISHED", "dateUpdated": "2024-09-24T19:52:35.463Z", "dateReserved": "2023-09-07T21:55:26.257Z", "assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46", "datePublished": "2023-09-13T15:16:13.903Z", "assignerShortName": "Proofpoint"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9FC2AE2-2895-4A5C-A150-241CBDE2476A", "versionEndExcluding": "7.14.3.69", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM Server. An attacker must first successfully obtain valid agent credentials and agent hostname. All versions prior to 7.14.3.69 are affected."}, {"lang": "es", "value": "Un atacante podr\u00eda utilizar una verificaci\u00f3n inadecuada de una condici\u00f3n excepcional en el servidor Insider Threat Management (ITM) para cambiar la configuraci\u00f3n del servidor de cualquier agente ya registrado para que el mismo env\u00ede todas las comunicaciones futuras a una URL elegida por el atacante. Esto podr\u00eda resultar en la divulgaci\u00f3n de eventos de datos confidenciales por parte del agente sobre Personally Identifiable Information (PII) y la propiedad intelectual que monitoriza, y todos esos datos podr\u00edan modificarse o eliminarse antes de llegar al servidor ITM. Un atacante primero debe obtener con \u00e9xito credenciales de agente y un agent hostname v\u00e1lido. Todas las versiones anteriores a la 7.14.3.69 se ven afectadas."}], "id": "CVE-2023-4828", "lastModified": "2024-11-21T08:36:03.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.7, "source": "security@proofpoint.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-13T16:15:11.197", "references": [{"source": "security@proofpoint.com", "tags": ["Broken Link"], "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-008"}, {"source": "nvd@nist.gov", "tags": ["Vendor Advisory"], "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0008"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-008"}], "sourceIdentifier": "security@proofpoint.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "security@proofpoint.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}]}