CVE-2023-20084
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
22/11/2023
Last modified:
25/01/2024
Description
A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled.
Impact
Base Score 3.x
4.40
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cisco:secure_endpoint:-:*:*:*:*:windows:*:* | ||
| cpe:2.3:a:cisco:secure_endpoint:6.0.7:*:*:*:*:windows:*:* | ||
| cpe:2.3:a:cisco:secure_endpoint:6.0.9:*:*:*:*:windows:*:* | ||
| cpe:2.3:a:cisco:secure_endpoint:6.1.5:*:*:*:*:windows:*:* | ||
| cpe:2.3:a:cisco:secure_endpoint:6.1.7:*:*:*:*:windows:*:* | ||
| cpe:2.3:a:cisco:secure_endpoint:6.1.9:*:*:*:*:windows:*:* | ||
| cpe:2.3:a:cisco:secure_endpoint:6.2.1:*:*:*:*:windows:*:* | ||
| cpe:2.3:a:cisco:secure_endpoint:6.2.3:*:*:*:*:windows:*:* | ||
| cpe:2.3:a:cisco:secure_endpoint:6.2.5:*:*:*:*:windows:*:* | ||
| cpe:2.3:a:cisco:secure_endpoint:6.2.9:*:*:*:*:windows:*:* | ||
| cpe:2.3:a:cisco:secure_endpoint:6.2.19:*:*:*:*:windows:*:* | ||
| cpe:2.3:a:cisco:secure_endpoint:6.3.1:*:*:*:*:windows:*:* | ||
| cpe:2.3:a:cisco:secure_endpoint:6.3.3:*:*:*:*:windows:*:* | ||
| cpe:2.3:a:cisco:secure_endpoint:6.3.5:*:*:*:*:windows:*:* | ||
| cpe:2.3:a:cisco:secure_endpoint:6.3.7:*:*:*:*:windows:*:* |
To consult the complete list of CPE names with products and versions, see this page