What is the severity of CVE-2023-29486?

The severity of CVE-2023-29486 is high due to the potential for arbitrary code execution and sensitive information exposure.

How do I fix CVE-2023-29486?

To fix CVE-2023-29486, upgrade Heimdal Thor agent to version 3.7.0 or later.

What versions of Heimdal Thor are affected by CVE-2023-29486?

Heimdalsecurity Thor agent versions 3.4.2 and earlier than 3.7.0 are affected by CVE-2023-29486.

Is CVE-2023-29486 limited to Windows?

CVE-2023-29486 specifically affects Heimdal Thor agent on Windows systems.

What type of issue is CVE-2023-29486?

CVE-2023-29486 allows attackers to bypass USB access restrictions and execute arbitrary code.

Vulnerability/
CVE-2023-29486

critical

9.8

CWE

1333

21/12/2023

25/9/2024

CVE-2023-29486

First published: Thu Dec 21 2023(Updated: )

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component. NOTE: Heimdal argues that the limitation described here is a Microsoft Windows issue, not a Heimdal specific vulnerability. The USB control solution by Heimdal is meant to manage Microsoft Windows native USB restrictions. They maintain that their solution functions as a management layer over Windows settings and is not to blame for limitations in Windows' detection capabilities.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
All of
Heimdalsecurity Thor	<3.7.0
Microsoft Windows
All of
Heimdalsecurity Thor	<=2.6.9
Apple iOS and macOS

Never miss a vulnerability like this again

Reference Links

https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93

Frequently Asked Questions

What is the severity of CVE-2023-29486?
The severity of CVE-2023-29486 is high due to the potential for arbitrary code execution and sensitive information exposure.
How do I fix CVE-2023-29486?
To fix CVE-2023-29486, upgrade Heimdal Thor agent to version 3.7.0 or later.
What versions of Heimdal Thor are affected by CVE-2023-29486?
Heimdalsecurity Thor agent versions 3.4.2 and earlier than 3.7.0 are affected by CVE-2023-29486.
Is CVE-2023-29486 limited to Windows?
CVE-2023-29486 specifically affects Heimdal Thor agent on Windows systems.
What type of issue is CVE-2023-29486?
CVE-2023-29486 allows attackers to bypass USB access restrictions and execute arbitrary code.

agent/type
agent/event
agent/softwarecombine
agent/first-publish-date
agent/severity
agent/references
agent/weakness
agent/author
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/description
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/heimdalsecurity
canonical/heimdalsecurity thor
vendor/microsoft
canonical/microsoft windows
version/heimdalsecurity thor/2.6.9
vendor/apple
canonical/apple ios and macos

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.