CVE-2023-43766
First published: Fri Sep 22 2023(Updated: )
Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Any of | ||
| F-Secure Linux Protection | =12.0 | |
| F-Secure Linux Security | =12.0 | |
| Linux Kernel | ||
| F-Secure Atlant | =1.0.35-1 | |
| All of | ||
| Any of | ||
| F-Secure Client Security | =15.00 | |
| F-Secure Endpoint Protection | >=17.0 | |
| F-secure Email And Server Security | =15.00 | |
| F-Secure Server Security | =15.00 | |
| Microsoft Windows | ||
| All of | ||
| Any of | ||
| F-Secure Client Security | =15.00 | |
| F-Secure Endpoint Protection | >=17.0 | |
| Apple iOS and macOS | ||
| F-Secure Linux Protection | =12.0 | |
| F-Secure Linux Security | =12.0 | |
| Linux Kernel | ||
| F-Secure Client Security | =15.00 | |
| F-Secure Endpoint Protection | >=17.0 | |
| F-secure Email And Server Security | =15.00 | |
| F-Secure Server Security | =15.00 | |
| Microsoft Windows | ||
| Apple iOS and macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
Which products are affected by CVE-2023-43766?
WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac
How can an attacker exploit CVE-2023-43766?
An attacker can exploit this vulnerability to escalate their privileges locally through the lhz archive unpack handler in certain WithSecure products.
What is the severity level of CVE-2023-43766?
The severity level of CVE-2023-43766 is high (7.8).
Where can I find more information about CVE-2023-43766?
You can find more information about CVE-2023-43766 on the WithSecure website: [link](https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn4).
How do I fix CVE-2023-43766?
To fix CVE-2023-43766, install the latest security updates provided by WithSecure.
- agent/author
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- agent/last-modified-date
- agent/weakness
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/f-secure
- canonical/f-secure linux protection
- version/f-secure linux protection/12.0
- canonical/f-secure linux security
- version/f-secure linux security/12.0
- vendor/linux
- canonical/linux kernel
- canonical/f-secure atlant
- version/f-secure atlant/1.0.35-1
- canonical/f-secure client security
- version/f-secure client security/15.00
- canonical/f-secure endpoint protection
- version/f-secure endpoint protection/17.0
- canonical/f-secure email and server security
- version/f-secure email and server security/15.00
- canonical/f-secure server security
- version/f-secure server security/15.00
- vendor/microsoft
- canonical/microsoft windows
- vendor/apple
- canonical/apple ios and macos