CVE-2023-28142: Race Condition
First published: Tue Apr 18 2023(Updated: )
A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on that asset to run arbitrary commands. At the time of this disclosure, versions before 4.0 are classified as End of Life.
Credit: bugreport@qualys.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qualys Cloud Agent | >=3.1.3.34<4.5.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-28142?
CVE-2023-28142 is a vulnerability that allows attackers to escalate privileges during the uninstallation of the Qualys Cloud Agent for Windows.
What is the severity of CVE-2023-28142?
CVE-2023-28142 has a severity rating of high.
How can attackers exploit CVE-2023-28142?
Attackers can exploit CVE-2023-28142 by gaining SYSTEM level privileges during the uninstallation of the Qualys Cloud Agent for Windows.
How can I fix CVE-2023-28142?
To fix CVE-2023-28142, update the Qualys Cloud Agent for Windows to version 4.5.3.1 or later.
Where can I find more information about CVE-2023-28142?
More information about CVE-2023-28142 can be found at the following link: [Qualys Security Advisories](https://www.qualys.com/security-advisories/)
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/qualys
- canonical/qualys cloud agent
- version/qualys cloud agent/3.1.3.34