{"api_version":"1","generated_at":"2026-04-22T21:17:23+00:00","cve":"CVE-2023-28143","urls":{"html":"https://cve.report/CVE-2023-28143","api":"https://cve.report/api/cve/CVE-2023-28143.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-28143","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-28143"},"summary":{"title":"CVE-2023-28143","description":"Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7)\ninstaller allows a local escalation of privilege bounded only to the time of\ninstallation and only on older macOSX (macOS 10.15 and older) versions.\nAttackers may exploit incorrect file permissions to give them ROOT command\nexecution privileges on the host. During the install of the PKG, a step in the\nprocess involves extracting the package and copying files to several\ndirectories. Attackers may gain writable access to files during the install of\nPKG when extraction of the package and copying files to several directories,\nenabling a local escalation of privilege.","state":"PUBLIC","assigner":"bugreport@qualys.com","published_at":"2023-04-18 16:15:00","updated_at":"2023-04-28 00:42:00"},"problem_types":["CWE-426"],"metrics":[],"references":[{"url":"https://qualys.com/security-advisories","name":"https://qualys.com/security-advisories","refsource":"MISC","tags":[],"title":"Security Advisories | Qualys","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-28143","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28143","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"28143","vulnerable":"-1","versionEndIncluding":"10.15","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"28143","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qualys","cpe5":"cloud_agent","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"macos","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-28143","qid":"378361","title":"Qualys Cloud Agent For MacOS prior to 3.7.0.0 Local Privilege Esclation Vulnerability (Q-PVD-2023-04)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-28143","ASSIGNER":"bugreport@qualys.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"\nQualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7)\ninstaller allows a local escalation of privilege bounded only to the time of\ninstallation and only on older macOSX (macOS 10.15 and older) versions.\nAttackers may exploit incorrect file permissions to give them ROOT command\nexecution privileges on the host. During the install of the PKG, a step in the\nprocess involves extracting the package and copying files to several\ndirectories. Attackers may gain writable access to files during the install of\nPKG when extraction of the package and copying files to several directories,\nenabling a local escalation of privilege.\n\n\n\n\n\n\n\n\n\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-426 Untrusted Search Path","cweId":"CWE-426"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Qualys","product":{"product_data":[{"product_name":"Cloud Agent","version":{"version_data":[{"version_affected":"<","version_name":"2.5.1-75","version_value":"3.7"}]}}]}}]}},"references":{"reference_data":[{"url":"https://qualys.com/security-advisories","refsource":"MISC","name":"https://qualys.com/security-advisories"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"EXTERNAL"},"exploit":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Proof of Concept"}],"value":"Proof of Concept"}],"solution":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Upgrade to v3.7 for Qualys\nCloud Agent for MacOS.</p>\n\n\n\n\n\n<br>"}],"value":"Upgrade to v3.7 for Qualys\nCloud Agent for MacOS.\n\n\n\n\n\n\n\n\n"}],"credits":[{"lang":"en","value":"Lockheed Martin Red Team"}],"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-04-18 16:15:00","lastModifiedDate":"2023-04-28 00:42:00","problem_types":["CWE-426"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH"},"exploitabilityScore":1,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:qualys:cloud_agent:*:*:*:*:*:macos:*:*","versionStartIncluding":"2.5.1-75","versionEndExcluding":"3.7","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.15","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}