What is the vulnerability ID?

The vulnerability ID is CVE-2023-20084.

What is the severity level of CVE-2023-20084?

The severity level of CVE-2023-20084 is medium.

Which Cisco Secure Endpoint versions are affected by CVE-2023-20084?

Cisco Secure Endpoint versions 6.0.7 to 8.1.7 are affected by CVE-2023-20084.

How can an attacker exploit CVE-2023-20084?

An attacker can exploit CVE-2023-20084 by evading endpoint protection within a limited time window.

Where can I find more information about CVE-2023-20084?

You can find more information about CVE-2023-20084 [here](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd).

Vulnerability/
CVE-2023-20084

medium

CWE

437

22/11/2023

25/1/2024

CVE-2023-20084

First published: Wed Nov 22 2023(Updated: )

A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Secure Endpoint
Cisco Secure Endpoint	=6.0.7
Cisco Secure Endpoint	=6.0.9
Cisco Secure Endpoint	=6.1.5
Cisco Secure Endpoint	=6.1.7
Cisco Secure Endpoint	=6.1.9
Cisco Secure Endpoint	=6.2.1
Cisco Secure Endpoint	=6.2.3
Cisco Secure Endpoint	=6.2.5
Cisco Secure Endpoint	=6.2.9
Cisco Secure Endpoint	=6.2.19
Cisco Secure Endpoint	=6.3.1
Cisco Secure Endpoint	=6.3.3
Cisco Secure Endpoint	=6.3.5
Cisco Secure Endpoint	=6.3.7
Cisco Secure Endpoint	=7.0.5
Cisco Secure Endpoint	=7.1.1
Cisco Secure Endpoint	=7.1.5
Cisco Secure Endpoint	=7.2.3
Cisco Secure Endpoint	=7.2.5
Cisco Secure Endpoint	=7.2.7
Cisco Secure Endpoint	=7.2.11
Cisco Secure Endpoint	=7.2.13
Cisco Secure Endpoint	=7.3.1
Cisco Secure Endpoint	=7.3.3
Cisco Secure Endpoint	=7.3.5
Cisco Secure Endpoint	=7.3.9
Cisco Secure Endpoint	=8.1.3
Cisco Secure Endpoint	=8.1.3.21242
Cisco Secure Endpoint	=8.1.5
Cisco Secure Endpoint	=8.1.5.21322
Cisco Secure Endpoint	=8.1.7
Cisco Secure Endpoint	=8.1.7.21417
Cisco Secure Endpoint	=8.1.7.21512
Cisco Secure Endpoint Private Cloud	<4.1.0

Never miss a vulnerability like this again

Reference Links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2023-20084.
What is the severity level of CVE-2023-20084?
The severity level of CVE-2023-20084 is medium.
Which Cisco Secure Endpoint versions are affected by CVE-2023-20084?
Cisco Secure Endpoint versions 6.0.7 to 8.1.7 are affected by CVE-2023-20084.
How can an attacker exploit CVE-2023-20084?
An attacker can exploit CVE-2023-20084 by evading endpoint protection within a limited time window.
Where can I find more information about CVE-2023-20084?
You can find more information about CVE-2023-20084 [here](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd).

agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/author
agent/weakness
agent/references
agent/event
agent/description
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/cisco
canonical/cisco secure endpoint
version/cisco secure endpoint/6.0.7
version/cisco secure endpoint/6.0.9
version/cisco secure endpoint/6.1.5
version/cisco secure endpoint/6.1.7
version/cisco secure endpoint/6.1.9
version/cisco secure endpoint/6.2.1
version/cisco secure endpoint/6.2.3
version/cisco secure endpoint/6.2.5
version/cisco secure endpoint/6.2.9
version/cisco secure endpoint/6.2.19
version/cisco secure endpoint/6.3.1
version/cisco secure endpoint/6.3.3
version/cisco secure endpoint/6.3.5
version/cisco secure endpoint/6.3.7
version/cisco secure endpoint/7.0.5
version/cisco secure endpoint/7.1.1
version/cisco secure endpoint/7.1.5
version/cisco secure endpoint/7.2.3
version/cisco secure endpoint/7.2.5
version/cisco secure endpoint/7.2.7
version/cisco secure endpoint/7.2.11
version/cisco secure endpoint/7.2.13
version/cisco secure endpoint/7.3.1
version/cisco secure endpoint/7.3.3
version/cisco secure endpoint/7.3.5
version/cisco secure endpoint/7.3.9
version/cisco secure endpoint/8.1.3
version/cisco secure endpoint/8.1.3.21242
version/cisco secure endpoint/8.1.5
version/cisco secure endpoint/8.1.5.21322
version/cisco secure endpoint/8.1.7
version/cisco secure endpoint/8.1.7.21417
version/cisco secure endpoint/8.1.7.21512
canonical/cisco secure endpoint private cloud