{"api_version":"1","generated_at":"2026-04-23T02:38:06+00:00","cve":"CVE-2023-28141","urls":{"html":"https://cve.report/CVE-2023-28141","api":"https://cve.report/api/cve/CVE-2023-28141.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-28141","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-28141"},"summary":{"title":"CVE-2023-28141","description":"An NTFS Junction condition exists in the Qualys Cloud Agent\nfor Windows platform in versions before 4.8.0.31. Attackers may write files to\narbitrary locations via a local attack vector. This allows attackers to assume\nthe privileges of the process, and they may delete or otherwise on unauthorized\nfiles, allowing for the potential modification or deletion of sensitive files\nlimited only to that specific directory/file object. This vulnerability is\nbounded to the time of installation/uninstallation and can only be exploited locally.\n\n\n\nAt the time of this disclosure, versions before 4.0 are\nclassified as End of Life.","state":"PUBLIC","assigner":"bugreport@qualys.com","published_at":"2023-04-18 16:15:00","updated_at":"2023-04-28 14:04:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.qualys.com/security-advisories/","name":"https://www.qualys.com/security-advisories/","refsource":"MISC","tags":[],"title":"Security Advisories | Qualys","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-28141","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28141","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"28141","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qualys","cpe5":"cloud_agent","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-28141","qid":"378360","title":"Qualys Cloud Agent For Windows prior to 4.8.0.31 NTFS Junction Exploitation Vulnerability (Q-PVD-2023-02)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-28141","ASSIGNER":"bugreport@qualys.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"\nAn NTFS Junction condition exists in the Qualys Cloud Agent\nfor Windows platform in versions before 4.8.0.31. Attackers may write files to\narbitrary locations via a local attack vector. This allows attackers to assume\nthe privileges of the process, and they may delete or otherwise on unauthorized\nfiles, allowing for the potential modification or deletion of sensitive files\nlimited only to that specific directory/file object. This vulnerability is\nbounded to the time of installation/uninstallation and can only be exploited locally.\n\n\n\nAt the time of this disclosure, versions before 4.0 are\nclassified as End of Life.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-59 Improper Link Resolution Before File Access ('Link Following')","cweId":"CWE-59"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Qualys","product":{"product_data":[{"product_name":"Cloud Agent","version":{"version_data":[{"version_affected":"<","version_name":"3.1.3.34","version_value":"4.8.0.31"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.qualys.com/security-advisories/","refsource":"MISC","name":"https://www.qualys.com/security-advisories/"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"EXTERNAL"},"exploit":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Proof of Concept"}],"value":"Proof of Concept"}],"solution":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\nUpgrade to 4.8.0.31 of Qualys Cloud Agent for Windows.\n\n<br>"}],"value":"\nUpgrade to 4.8.0.31 of Qualys Cloud Agent for Windows.\n\n\n"}],"credits":[{"lang":"en","value":"Lockheed Martin Red Team"}],"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-04-18 16:15:00","lastModifiedDate":"2023-04-28 14:04:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":1,"impactScore":5.2}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:qualys:cloud_agent:*:*:*:*:*:windows:*:*","versionStartIncluding":"3.1.3.34","versionEndExcluding":"4.8.0.31","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}