System Privileges Escalation

System Privileges Escalation

Advisory ID	CVE Number	Date discovered	Severity	Advisory revision
STORM-2023-034	CVE-2023-47267	11/10/2023	medium	v2

Vulnerability details

A vulnerability in the VPN client can lead to a privilege escalation on Windows operating systems.

Impacted products

Products	Severity	Detail
Stormshield Network VPN Client	medium	Stormshield Network VPN Client is impacted

Revisions

Version	Date	Description
v1	11/30/2023	Initial release
v2	12/18/2023	Public release

Stormshield Network VPN Client

CVSS v3.1 Overall Score: 5.2

Analysis	Impacted version
A malware can use the VPN Client to write and delete a registry key allowing an execution with privilege escalation to SYSTEM.	6.87.108 Standard and earlier

Workaround solution

Solution

There is no workaround solution.

The following version will fix this vulnerability:

6.87.210 Standard

Attack Vector	Attack Complexity	Privileges Required	User Interaction	Scope	Confidentiality Impact	Integrity Impact	Availability impact
Local	Low	Low	None	Changed	High	High	None

CVSS Base score: 8.4	CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N)

Exploit Code Maturity	Remediation Level	Report Confidence
Unproven that exploit exists	Official fix	Confirmed

CVSS Temporal score: 7.3	CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C)

Confidentiality Requirement (CR)	Integrity Requirement (IR)	Availability Requirement (AR)
Medium	Medium	Medium

CVSS Environmental score: 5.2	CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C/CR:M/IR:M/AR:M/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)

RSS Feed Contact Report a vulnerability Legal terms STORMSHIELD Corporate website Personal Data