CVE-2023-35799

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Stormshield Endpoint Security Evolution versions 2.0.0 through 2.3.2

Description The issue allows an interactive user to create arbitrary files with local system privileges using the SES Evolution agent due to insecure permissions.

Recommendations For versions 2.0.0 through 2.3.2, consider restricting the privileges of the SES Evolution agent to prevent the creation of arbitrary files with local system privileges until a fix is available.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2023-35799

Affected Products

Stormshield Endpoint Security Evolution

CVE-2023-35799

Weakness Enumeration

Related Identifiers

Affected Products

References · 7