Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA61974
HistoryNov 14, 2023 - 12:00 a.m.

KLA61974 Multiple vulnerabilities in Microsoft System Center

2023-11-1400:00:00
Kaspersky Lab
threats.kaspersky.com
9
microsoft system center
vulnerabilities
privilege escalation
sensitive information
windows defender
operations manager 2019
operations manager 2022
operations manager 2016
cve-2023-36422
cve-2023-36043
update solution
osi
windows os

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.7%

JSON

Multiple vulnerabilities were found in Microsoft System Center. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Microsoft Windows Defender can be exploited remotely to gain privileges.
  2. An information disclosure vulnerability in Open Management Infrastructure can be exploited remotely to obtain sensitive information.

Original advisories

CVE-2023-36422

CVE-2023-36043

Related products

Microsoft-Windows

Microsoft-System-Center-Operations-Manager

Windows-Defender

CVE list

CVE-2023-36422 critical

CVE-2023-36043 high

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • System Center Operations Manager (SCOM) 2019System Center Operations Manager (SCOM) 2022System Center Operations Manager (SCOM) 2016Windows Defender Antimalware Platform

Related

mscve 2
cve 2
nvd 2
cvelist 2
prion 2
vulnrichment 1
nessus 2
rapid7blog 1
mscve
mscve
Microsoft Windows Defender Elevation of Privilege Vulnerability
2023-11-14 08:00:00
Open Management Infrastructure Information Disclosure Vulnerability
2023-11-14 08:00:00
cve
cve
CVE-2023-36043
2023-11-14 18:15:34
CVE-2023-36422
2023-11-14 18:15:45
nvd
nvd
CVE-2023-36422
2023-11-14 18:15:45
CVE-2023-36043
2023-11-14 18:15:34
cvelist
cvelist
CVE-2023-36043 Open Management Infrastructure Information Disclosure Vulnerability
2023-11-14 17:57:12
CVE-2023-36422 Microsoft Windows Defender Elevation of Privilege Vulnerability
2023-11-14 17:57:10
prion
prion
Information disclosure
2023-11-14 18:15:00
Privilege escalation
2023-11-14 18:15:00
vulnrichment
vulnrichment
CVE-2023-36043 Open Management Infrastructure Information Disclosure Vulnerability
2023-11-14 17:57:12
nessus
nessus
Security Updates for Microsoft Open Management Infrastructure (November 2023)
2023-11-17 00:00:00
Security Updates for Windows Defender (November 2023)
2023-11-16 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - November 2023
2023-11-14 21:27:09

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.7%

JSON
Related for KLA61974
mscve2cve2nvd2cvelist2prion2vulnrichment1nessus2rapid7blog1