// For flags

CVE-2023-42526

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Algunos productos WithSecure permiten un bloqueo remoto de un motor de escaneo a través de la descompresión de archivos de datos manipulados. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email y Server Security 15, WithSecure Elements Endpoint Protection 17 y versiones posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y versiones posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2023-09-11 CVE Reserved
  • 2023-09-18 CVE Published
  • 2024-09-24 EPSS Updated
  • 2024-09-25 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Withsecure
Search vendor "Withsecure"
Client Security
Search vendor "Withsecure" for product "Client Security"
15
Search vendor "Withsecure" for product "Client Security" and version "15"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Withsecure
Search vendor "Withsecure"
Elements Endpoint Protection
Search vendor "Withsecure" for product "Elements Endpoint Protection"
>= 17
Search vendor "Withsecure" for product "Elements Endpoint Protection" and version " >= 17"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Withsecure
Search vendor "Withsecure"
Email And Server Security
Search vendor "Withsecure" for product "Email And Server Security"
15
Search vendor "Withsecure" for product "Email And Server Security" and version "15"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Withsecure
Search vendor "Withsecure"
Server Security
Search vendor "Withsecure" for product "Server Security"
15
Search vendor "Withsecure" for product "Server Security" and version "15"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Withsecure
Search vendor "Withsecure"
Client Security
Search vendor "Withsecure" for product "Client Security"
15
Search vendor "Withsecure" for product "Client Security" and version "15"
-
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Withsecure
Search vendor "Withsecure"
Elements Endpoint Protection
Search vendor "Withsecure" for product "Elements Endpoint Protection"
>= 17
Search vendor "Withsecure" for product "Elements Endpoint Protection" and version " >= 17"
-
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Withsecure
Search vendor "Withsecure"
Linux Protection
Search vendor "Withsecure" for product "Linux Protection"
12.0
Search vendor "Withsecure" for product "Linux Protection" and version "12.0"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Withsecure
Search vendor "Withsecure"
Linux Security 64
Search vendor "Withsecure" for product "Linux Security 64"
12.0
Search vendor "Withsecure" for product "Linux Security 64" and version "12.0"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Withsecure
Search vendor "Withsecure"
Atlant
Search vendor "Withsecure" for product "Atlant"
1.0.35-1
Search vendor "Withsecure" for product "Atlant" and version "1.0.35-1"
-
Affected