SES Evolution superfluous agent directory ACL entry (CVE-2023-35800)

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2023-021 CVE-2023-35800 06/14/2023 low v1

Vulnerability details

An ACL entry on an SES Evolution agent directory is too permissive.

Impacted products

ProductsSeverityDetail
Stormshield Endpoint Security low SES is impacted

Revisions

Version Date Description
v1 Initial release


Stormshield Endpoint Security

CVSS v3.1 Overall Score: 2.4      

Analysis

Impacted version

An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators, in case agent self-protection has been previously deactivated.
  • SES 2.0.0 to 2.4.2

Workaround solution

Solution

The vulnerability can be mitigated by disabling maintenance mode and challenges on SES Evolution agents, and preventing non-administrator users from booting in safe mode in the system configuration, so that the agent self-protection cannot be deactivated.

The 2.4.3 update fixes this vulnerability.



Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Local Low Low None Unchanged Low None None
CVSS Base score: 3.3 CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Exploit Code Maturity Remediation Level Report Confidence
Proof of concept code Official fix Confirmed
CVSS Temporal score: 3 CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C)
Confidentiality Requirement Integrity Requirement Availability Requirement
Low Low Low
CVSS Environmental score: 2.4 CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)