CVE-2023-6253
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
22/11/2023
Last modified:
13/02/2025
Description
A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.
Impact
Base Score 3.x
6.00
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:fortra:digital_guardian_agent:*:*:*:*:*:*:*:* | 7.9.4 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html
- http://seclists.org/fulldisclosure/2023/Nov/14
- https://r.sec-consult.com/fortra
- https://www.fortra.com/security
- http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html
- http://seclists.org/fulldisclosure/2023/Nov/14
- https://r.sec-consult.com/fortra
- https://www.fortra.com/security