CVE-2023-47263

Certain WithSecure products allow a Denial of Service (DoS) in the antivirus engine when scanning a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.withsecure.com/en/support/security-advisories/cve-2023-47263	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:withsecure:client_security:15:::::::*
	cpe:2.3:a:withsecure:elements_endpoint_protection::::::::
	cpe:2.3:a:withsecure:email_and_server_security:15:::::::*
	cpe:2.3:a:withsecure:server_security:15:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:withsecure:client_security:15:::::::*
	cpe:2.3:a:withsecure:elements_endpoint_protection::::::::

Configuration 3 (hide)

AND

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:withsecure:linux_protection:12.0:::::::*
	cpe:2.3:a:withsecure:linux_security_64:12.0:::::::*

Configuration 4 (hide)

cpe:2.3:a:withsecure:atlant:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-11-16 03:15

Updated : 2023-12-01 17:42

NVD link : CVE-2023-47263

Mitre link : CVE-2023-47263

CVE.ORG link : CVE-2023-47263

JSON object : View

Products Affected

withsecure

email_and_server_security
linux_security_64
elements_endpoint_protection
atlant
linux_protection
client_security
server_security

microsoft

windows

apple

macos

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-47263", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-11-16T03:15:07.290", "references": [{"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-47263", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Certain WithSecure products allow a Denial of Service (DoS) in the antivirus engine when scanning a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later."}, {"lang": "es", "value": "Ciertos productos WithSecure permiten una Denegaci\u00f3n de Servicio (DoS) en el motor antivirus al escanear un archivo PE32 difuso. Esto afecta a: \nWithSecure Client Security 15, \nWithSecure Server Security 15, \nWithSecure Email and Server Security 15, \nWithSecure Elements Endpoint Protection 17 y posteriores, \nWithSecure Client Security for Mac 15, \nWithSecure Elements Endpoint Protection for Mac 17 y posteriores, \nWithSecure Linux Security 64 12.0, \nWithSecure Linux Protection 12.0, \nWithSecure Atlant (formerly F-Secure Atlant) 15 y posteriores."}], "lastModified": "2023-12-01T17:42:55.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4"}, {"criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A", "versionStartIncluding": "17"}, {"criteria": "cpe:2.3:a:withsecure:email_and_server_security:15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E1B31DD-3C88-4826-8E24-588FED197C5D"}, {"criteria": "cpe:2.3:a:withsecure:server_security:15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "015D02AD-F46F-46DF-9CD8-E0DB78CE17DD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4"}, {"criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A", "versionStartIncluding": "17"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:withsecure:linux_protection:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCA1C33E-551B-4CBF-A0C0-663A32611D29"}, {"criteria": "cpe:2.3:a:withsecure:linux_security_64:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACBC6F42-8F62-4599-83F3-9E9147D46129"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:withsecure:atlant:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07CE65AD-1AEA-472D-BCBC-549CD3FA4208", "versionStartIncluding": "15.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}