Lucene search

[email protected]CVE-2023-29820

HistoryMay 12, 2023 - 11:15 a.m.

CVE-2023-29820

2023-05-1211:15:12

CWE-668

[email protected]

web.nvd.nist.gov

cve

webroot secureanywhere

endpoint protection

information security

vulnerability

exe installer

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor’s perspective is that this is not a separate vulnerability relative to CVE-2023-29818 and CVE-2023-29819.

Affected configurations

NVD

Node

webrootsecureanywhereRange≤9.0.33.39

CPENameOperatorVersion
webroot:secureanywherewebroot secureanywherele9.0.33.39

CPE	Name	Operator	Version
webroot:secureanywhere	webroot secureanywhere	le	9.0.33.39

References

secureanywhere.com

webroot.com

www.spenceralessi.com/CVEs/2023-05-10-Webroot-SecureAnywhere/

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-29820

cvelist3 prion3 nvd3 cve2