CVE-2023-37243

Time Line

Published

2024-03-19

Updated

2024-03-19

Firt exploit

2024-03-19

Overview

Descriptions (2)

NVD, NVD

CWE (1)

CWE-379: Creation of Temporary File in Directory with Insecure Permissions

CAPEC (1)

CAPEC-69: Target Programs with Elevated Privileges

Risk

CVSS Score

7.8 High

SSVC

Track*

KEV

EPSS

0.0%

Affected Products (-)

Vendors (2)

atera, microsoft

Products (2)

agent_package_availability, windows

Versions (1)

< 0.15.0.0

Intel Resources (-)

Advisories (-)

Exploits (-)

Plugins (-)

References (1)

General (1)

github

Exploits & POcs (-)

Patches (-)

Advisories (-)

Summary

Descriptions

The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability folder inherits permissions from C:\Windows\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.

El archivo C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe se inicia automáticamente como SYSTEM cuando se reinicia el sistema. Dado que la carpeta C:\Windows\Temp\Agent.Package.Availability hereda permisos de C:\Windows\Temp y Agent.Package.Availability.exe es susceptible al DLL hijacking, los usuarios estándar pueden escribir una DLL maliciosa y elevar sus privilegios.

*Credits: Andrew Oliveau, Mandiant

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-06-29 CVE Reserved
2023-10-31 CVE Published
2023-11-01 EPSS Updated
2024-09-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-379: Creation of Temporary File in Directory with Insecure Permissions

CAPEC

CAPEC-69: Target Programs with Elevated Privileges

Threat Intelligence Resources (0)

Advisories (0)
Exploits (0)

Security Advisory details:

Select an advisory to view details here.

Select	Title	Date

Select an exploit to view details here.

References (1)

URL	Tag	Source
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0010.md	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Atera Search vendor "Atera"	Agent Package Availability Search vendor "Atera" for product "Agent Package Availability"	< 0.15.0.0 Search vendor "Atera" for product "Agent Package Availability" and version " < 0.15.0.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe

CVE-2023-37243

Severity Score

Exploit Likelihood

Affected Versions

Public Exploits

Exploited in Wild

Decision

Summary

Descriptions

CVSS Scores

SSVC

Timeline

CWE

CAPEC

Threat Intelligence Resources (0)

References (1)

Affected Vendors, Products, and Versions