Plattform
windows
Komponente
vipre-antivirus-plus
Behoben in
11.0.7
CVE-2023-32176 is a directory traversal vulnerability affecting VIPRE Antivirus Plus versions up to 11.0.6.22. This flaw allows a local attacker to escalate privileges by manipulating file paths within the SetPrivateConfig method. Successful exploitation requires the attacker to already have the ability to execute low-privileged code on the system. A patch is available to address this vulnerability.
Successful exploitation of CVE-2023-32176 allows a local attacker to escalate their privileges on a system running VIPRE Antivirus Plus. This means an attacker who already has some level of access (even limited) can gain significantly higher privileges, potentially allowing them to install malware, access sensitive data, or completely compromise the system. The lack of proper path validation is the root cause, enabling attackers to read or write files outside of the intended directory. This vulnerability shares similarities with other directory traversal exploits where attackers leverage predictable file system structures to bypass security controls.
CVE-2023-32176 was publicly disclosed on May 3, 2024. Its exploitation probability is considered medium due to the requirement for local access and the relatively straightforward nature of directory traversal exploits. No public proof-of-concept (PoC) code has been released as of this writing, but the vulnerability's nature makes it likely that one will emerge. It is not currently listed on the CISA KEV catalog.
Organizations and individuals using VIPRE Antivirus Plus, particularly those with legacy systems or configurations that may not be regularly updated, are at risk. Systems where user accounts have elevated privileges or where local access is not adequately controlled are also more vulnerable.
• windows / supply-chain:
Get-Process -Name VIPRE*• windows / supply-chain:
Get-WinEvent -LogName Application -Filter "EventID = 1001 and Source = VIPRE Antivirus Plus" -MaxEvents 10• windows / supply-chain:
reg query "HKLM\SOFTWARE\VIPRE\AntivirusPlus" /v SetPrivateConfigPathdisclosure
Exploit-Status
EPSS
0.08% (23% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2023-32176 is to upgrade to a patched version of VIPRE Antivirus Plus. Check the vendor's website for the latest available version. If immediate patching is not possible due to compatibility issues or system downtime concerns, consider restricting access to the vulnerable SetPrivateConfig method if feasible. While not a complete solution, this can reduce the attack surface. Monitor system logs for unusual file access patterns that might indicate exploitation attempts. After upgrading, confirm the vulnerability is resolved by attempting to access files outside the intended directory and verifying access is denied.
Actualice VIPRE Antivirus Plus a una versión posterior a la 11.0.6.22 para corregir la vulnerabilidad de escalada de privilegios. Consulte las notas de la versión más reciente en el sitio web de VIPRE para obtener instrucciones detalladas sobre la actualización.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2023-32176 is a directory traversal vulnerability in VIPRE Antivirus Plus versions up to 11.0.6.22 that allows local attackers to escalate privileges by manipulating file paths.
You are affected if you are running VIPRE Antivirus Plus version 11.0.6.22 or earlier. Check your installed version against the vendor's advisory for confirmation.
Upgrade to the latest patched version of VIPRE Antivirus Plus. Refer to the vendor's website for the latest version and installation instructions.
Currently, there are no confirmed reports of active exploitation, but the potential for privilege escalation warrants close monitoring.
Please refer to the VIPRE website for the official advisory and security updates related to CVE-2023-32176.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.