CVE-2023-26077 : Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory w

Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions.

Published 2023-07-24 18:15:23

Updated 2024-10-24 15:35:08

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2023-26077

Atera » Atera
Versions before (<) 1.8.3.7
cpe:2.3:a:atera:atera:*:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 15 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0008.md

Vulnerability-Disclosures/2023/MNDT-2023-0008.md at master · mandiant/Vulnerability-Disclosures · GitHub
Third Party Advisory
https://www.atera.com

RMM software for IT heroes | Atera
Product

CVEs referencing this url
https://github.com/mandiant/Vulnerability-Disclosures

GitHub - mandiant/Vulnerability-Disclosures
Third Party Advisory

CVEs referencing this url

Jump to