Lucene search

[email protected]CVE-2023-29818

HistoryMay 12, 2023 - 11:15 a.m.

CVE-2023-29818

2023-05-1211:15:12

[email protected]

web.nvd.nist.gov

webroot

secureanywhere

endpoint protection

cve-2023-29818

security

bypass

allowlist

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin.

Affected configurations

NVD

Node

webrootsecureanywhereRange≤9.0.33.39

CPENameOperatorVersion
webroot:secureanywherewebroot secureanywherele9.0.33.39

CPE	Name	Operator	Version
webroot:secureanywhere	webroot secureanywhere	le	9.0.33.39

References

secureanywhere.com

webroot.com

www.spenceralessi.com/CVEs/2023-05-10-Webroot-SecureAnywhere/

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-29818

prion2 cvelist2 nvd2 cve1