CVE-2023-26236

Published Oct 5, 2023

Last updated 2 months ago

CVSS high 7.8

Overview

Description: An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-269

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:watchguard:epp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FCB7410D-4F42-49A1-B65F-2F57FBED5591"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:watchguard:epp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2361AC95-E9B5-4494-B4D3-A516E92E0180",
            "versionEndExcluding": "8.00.22.0010"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:watchguard:edr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9BE98983-49EA-4B3D-B561-509DF3244630"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:watchguard:edr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0BB0A60-F997-44F6-9B83-D89525D5E90B",
            "versionEndExcluding": "8.00.22.0010"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:watchguard:epdr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CC28BE1A-C558-4132-8376-A1177030CB90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:watchguard:epdr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E547FF3-E496-4AF4-8BA4-67D92E104335",
            "versionEndExcluding": "8.00.22.0010"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:watchguard:panda_ad360:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8521691C-F38A-4E4C-ADE7-717218F2E951"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:watchguard:panda_ad360_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FE92F05-0078-4B53-A282-5C7B9D70F17B",
            "versionEndExcluding": "8.00.22.0010"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References