CVE-2023-35799
First published: Tue Jun 27 2023(Updated: )
Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Stormshield Endpoint Security | >=2.0.0<=2.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-35799?
CVE-2023-35799 refers to the Insecure Permissions vulnerability in Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2.
How does the Insecure Permissions vulnerability in Stormshield Endpoint Security Evolution occur?
The vulnerability occurs when an interactive user utilizes the SES Evolution agent to create arbitrary files with local system privileges, resulting in insecure permissions.
What is the severity of CVE-2023-35799?
The severity of CVE-2023-35799 is medium, with a CVSS score of 5.5.
How can I fix the Insecure Permissions vulnerability in Stormshield Endpoint Security Evolution?
To fix the vulnerability, it is recommended to update Stormshield Endpoint Security Evolution to a version higher than 2.3.2.
Where can I find more information about CVE-2023-35799?
You can find more information about CVE-2023-35799 in the advisories section of the Stormshield website.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/stormshield
- canonical/stormshield endpoint security
- version/stormshield endpoint security/2.0.0
- version/stormshield endpoint security/2.3.2