CVE-2023-29486

Name of the Vulnerable Software and Affected Versions Heimdal Thor agent versions 3.4.2 through 3.7.0

Description An issue in the Heimdal Thor agent allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via the Next-Gen Antivirus component. Heimdal argues that this limitation is a Microsoft Windows issue, not a Heimdal-specific vulnerability, as their USB control solution is meant to manage Microsoft Windows native USB restrictions.

Recommendations For Heimdal Thor agent versions 3.4.2 through 3.7.0, consider disabling the Next-Gen Antivirus component as a temporary workaround to minimize the risk of exploitation. Restrict access to USB devices to prevent bypassing of USB access restrictions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.