CVE-2023-6253
Saved Uninstall Key in Digital Guardian Agent Uninstaller
Public Exploits: 3
Exploited in Wild: -
Decision
Descriptions
A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.
A saved encryption key in the Digital Guardian Agent uninstaller before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstall key from the memory of the uninstaller file.
The uninstaller in Fortra Digital Guardian Agent versions prior to 7.9.4 suffers from a cross site scripting vulnerability. Additionally, the Agent Uninstaller handles sensitive data insecurely and caches the Uninstall key in memory. This key can be used to stop or uninstall the application. This allows a locally authenticated attacker with administrative privileges to disable the application temporarily or even remove the application from the system completely.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2023-11-22 CVE Reserved
- 2023-11-22 CVE Published
- 2023-11-30 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-922: Insecure Storage of Sensitive Information
CAPEC
- CAPEC-37: Retrieve Embedded Sensitive Data
References (4)
URL | Tag | Source |
---|---|---|
https://www.fortra.com/security | Product | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Fortra | Digital Guardian Agent | < 7.9.4 | - | Affected |