Page 2 of 11 results (0.006 seconds)

CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0

Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) versions. Attackers may exploit incorrect file permissions to give them ROOT command execution privileges on the host. During the install of the PKG, a step in the process involves extracting the package and copying files to several directories. Attackers may gain writable access to files during the install of PKG when extraction of the package and copying files to several directories, enabling a local escalation of privilege. • https://qualys.com/security-advisories • CWE-426: Untrusted Search Path •

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0

A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on that asset to run arbitrary commands. At the time of this disclosure, versions before 4.0 are classified as End of Life. • https://www.qualys.com/security-advisories • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows attackers to assume the privileges of the process, and they may delete or otherwise on unauthorized files, allowing for the potential modification or deletion of sensitive files limited only to that specific directory/file object. This vulnerability is bounded to the time of installation/uninstallation and can only be exploited locally. At the time of this disclosure, versions before 4.0 are classified as End of Life. • https://www.qualys.com/security-advisories • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0

An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library (DLL) via a local attack vector instead of the DLL that the application was expecting, when processes are running with escalated privileges. This vulnerability is bounded only to the time of uninstallation and can only be exploited locally. At the time of this disclosure, versions before 4.0 are classified as End of Life. • https://www.qualys.com/security-advisories • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks (e.g., to help ensure that a program was installed by root) and without integrity checks (e.g., a checksum comparison against known legitimate programs). Also, the vendor recommendation is to install this agent software with root privileges. Thus, privilege escalation is possible on systems where any of these pathnames is controlled by a non-root user. An example is /opt/firebird/bin/isql, where the /opt/firebird directory is often owned by the firebird user. • http://packetstormsecurity.com/files/168367/Qualys-Cloud-Agent-Arbitrary-Code-Execution.html http://seclists.org/fulldisclosure/2022/Sep/10 http://software.firstworks.com/p/getting-started-with-firebird.html https://blog.qualys.com/product-tech/2022/08/15/qualys-security-updates-cloud-agent-for-linux https://blog.qualys.com/vulnerabilities-threat-research • CWE-354: Improper Validation of Integrity Check Value •