Platform
windows
Component
vipre-antivirus-plus
Fixed in
11.0.7
CVE-2023-32177 is a directory traversal vulnerability discovered in VIPRE Antivirus Plus. This flaw allows local attackers to escalate privileges by exploiting insufficient path validation within the DeleteHistoryFile method. The vulnerability impacts versions up to 11.0.6.22. A patch is available from the vendor to address this issue.
Successful exploitation of CVE-2023-32177 allows a local attacker to gain elevated privileges on a system running VIPRE Antivirus Plus. This means an attacker who already has some level of access (e.g., a standard user account) can potentially gain control over the entire system, including access to sensitive data and the ability to install malicious software. The vulnerability stems from the lack of proper sanitization of user-supplied file paths, enabling attackers to traverse directories and access files they shouldn't be able to. This is a classic directory traversal attack pattern, similar to those seen in web applications, but adapted for a desktop application context.
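The missing path check described above, shown as an added example (not VIPRE's code and not part of the original page): a "before" resolver that trusts the caller's file name beside a hardened one that confines the result to the history directory. `HISTORY_DIR` and all function names are hypothetical; Python's `ntpath` is used only to apply Windows path rules on any OS.

```python
import ntpath  # Windows path rules; importable on any OS for this lexical demo

# Hypothetical location: the page does not say where history files live.
HISTORY_DIR = r"C:\ProgramData\ExampleAV\History"


def resolve_unchecked(name: str) -> str:
    """'Before' form: join the caller-supplied name and trust the result."""
    return ntpath.normpath(ntpath.join(HISTORY_DIR, name))


def resolve_checked(name: str) -> str:
    """Hardened form: return the target only if it stays inside HISTORY_DIR."""
    if not name or "\x00" in name:
        raise ValueError("empty or malformed name")
    # Drive letters, UNC prefixes and rooted paths can override the base in join().
    drive, _ = ntpath.splitdrive(name)
    if drive or name.startswith(("\\", "/")):
        raise ValueError("absolute paths are not accepted")
    target = ntpath.normpath(ntpath.join(HISTORY_DIR, name))  # collapses ".."
    # Compare case-insensitively and by whole components, not by string prefix,
    # so a sibling such as "History2" is not mistaken for a child of "History".
    base_cmp = ntpath.normcase(ntpath.normpath(HISTORY_DIR))
    target_cmp = ntpath.normcase(target)
    if target_cmp == base_cmp or ntpath.commonpath([base_cmp, target_cmp]) != base_cmp:
        raise ValueError("path escapes the history directory")
    return target


def audit(names):
    """Map each requested name to the resolved path or the rejection reason."""
    verdicts = {}
    for name in names:
        try:
            verdicts[name] = resolve_checked(name)
        except ValueError as exc:
            verdicts[name] = f"REJECTED: {exc}"
    return verdicts


if __name__ == "__main__":
    # Constructed sample names for the demonstration.
    samples = ["scan-01.log", r"..\..\..\Windows\win.ini",
               r"..\History2\scan-01.log", r"C:\Windows\win.ini", "../../x"]
    for name, verdict in audit(samples).items():
        print(f"{name!r:34} -> {verdict}")
```

The check is lexical only: a privileged service must additionally guard against junctions and symlinks placed inside the directory, for example by impersonating the caller before deleting.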
CVE-2023-32177 was publicly disclosed on May 3, 2024. There is no indication of this vulnerability being actively exploited in the wild at this time. The EPSS score is likely to be low to medium, given the requirement for local access and the relatively recent disclosure. No public proof-of-concept exploits have been widely reported.
Organizations and individuals using VIPRE Antivirus Plus, particularly those running the affected version 11.0.6.22, are at risk. Systems with weak user account controls or those where standard users have elevated privileges are especially vulnerable. Shared hosting environments utilizing VIPRE Antivirus Plus could also be impacted if multiple users share the same system.
• windows / supply-chain:
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4688} | Where-Object { $_.Message -like '*DeleteHistoryFile*' }
• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.TaskName -like '*VIPRE*'} | Format-List TaskName, Actions
• windows / supply-chain:
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /f "VIPRE"
Exploit status
EPSS
0.07% (21st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2023-32177 is to upgrade to the latest available version of VIPRE Antivirus Plus, which includes the necessary fix. If immediate upgrading is not possible due to compatibility issues or testing requirements, consider restricting user privileges to minimize the potential impact of a successful attack. While a direct WAF or proxy rule is unlikely to be effective for a desktop application, monitoring system logs for suspicious file access attempts related to VIPRE's file operations can provide early warning signs. After upgrade, confirm the fix by attempting to access restricted files using directory traversal techniques; access should be denied.
Update VIPRE Antivirus Plus to a version later than 11.0.6.22 to fix the privilege escalation vulnerability. See the vendor's release notes for more details about the update.
CVE-2023-32177 is a directory traversal vulnerability in VIPRE Antivirus Plus allowing local attackers to escalate privileges by manipulating file paths. It affects versions up to 11.0.6.22 and has a CVSS score of 7.8 (HIGH).
You are affected if you are using VIPRE Antivirus Plus version 11.0.6.22 or earlier. Check your installed version against the vendor's advisory for confirmation.
Upgrade to the latest patched version of VIPRE Antivirus Plus as provided by the vendor. Review the vendor's advisory for specific version details and instructions.
There is currently no confirmed evidence of active exploitation, but the availability of a proof-of-concept increases the risk. Monitor your systems for suspicious activity.
Refer to the VIPRE Security website or their support channels for the official advisory and patch information. Search for CVE-2023-32177 on their site.