CVE-2023-6253 - OpenCVE

A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fortra	Digital Guardian Agent

Configuration 1 [-]

cpe:2.3:a:fortra:digital_guardian_agent:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html
http://seclists.org/fulldisclosure/2023/Nov/14
https://r.sec-consult.com/fortra
https://www.fortra.com/security

History

No history.

MITRE

Status: PUBLISHED

Assigner: SEC-VLab

Published: 2023-11-22T11:22:58.159Z

Updated: 2024-08-02T08:21:18.095Z

Reserved: 2023-11-22T11:08:26.968Z

Link: CVE-2023-6253

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-11-22T12:15:22.963

Modified: 2023-11-30T05:40:53.983

Link: CVE-2023-6253

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6253", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "state": "PUBLISHED", "assignerShortName": "SEC-VLab", "dateReserved": "2023-11-22T11:08:26.968Z", "datePublished": "2023-11-22T11:22:58.159Z", "dateUpdated": "2024-08-02T08:21:18.095Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Uninstaller"], "product": "Digital Guardian Agent ", "vendor": "Fortra", "versions": [{"lessThan": "7.9.4", "status": "affected", "version": "0", "versionType": "patch"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "J. Kruchem (SEC Consult Vulnerability Lab)"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "B. Gr\u00fcndling (SEC Consult Vulnerability Lab)"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "D. Hirschberger (SEC Consult Vulnerability Lab)"}], "datePublic": "2023-11-23T08:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.<br>"}], "value": "A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.\n"}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-922", "description": "CWE-922 Insecure Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2023-11-22T11:22:58.159Z"}, "references": [{"url": "https://www.fortra.com/security"}, {"url": "https://r.sec-consult.com/fortra"}, {"url": "http://seclists.org/fulldisclosure/2023/Nov/14"}, {"url": "http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The vendor provides an updated Agent version 7.9.4 which can be downloaded at the vendor's support page: <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.digitalguardian.com/services/support\">https://www.digitalguardian.com/services/support</a><br>"}], "value": "The vendor provides an updated Agent version 7.9.4 which can be downloaded at the vendor's support page: https://www.digitalguardian.com/services/support https://www.digitalguardian.com/services/support \n"}], "source": {"discovery": "UNKNOWN"}, "title": "Saved Uninstall Key in Digital Guardian Agent Uninstaller", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:18.095Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.fortra.com/security", "tags": ["x_transferred"]}, {"url": "https://r.sec-consult.com/fortra", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Nov/14", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortra:digital_guardian_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA40A180-146B-477B-9565-7B619F3CAB5D", "versionEndExcluding": "7.9.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.\n"}, {"lang": "es", "value": "Una clave de cifrado guardada en el desinstalador Digital Guardian Agent anterior a la versi\u00f3n 7.9.4 permite a un atacante local recuperar la clave de desinstalaci\u00f3n y eliminar el software extrayendo la clave de desinstalaci\u00f3n de la memoria del archivo de desinstalaci\u00f3n."}], "id": "CVE-2023-6253", "lastModified": "2023-11-30T05:40:53.983", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-22T12:15:22.963", "references": [{"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html"}, {"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Nov/14"}, {"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "tags": ["Exploit", "Third Party Advisory"], "url": "https://r.sec-consult.com/fortra"}, {"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "tags": ["Product"], "url": "https://www.fortra.com/security"}], "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-922"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-922"}], "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "type": "Secondary"}]}