QID 378359
Date Published: 2023-04-18
QID 378359: Qualys Cloud Agent For Windows prior to 4.5.3.1 Multiple Vulnerabilities (Q-PVD-2023-01 and Q-PVD-2023-03)
An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library (DLL) instead of the DLL that the application was expecting when processes are running with escalated privileges. This vulnerability is bounded only to the time of uninstallation.(CVE-2023-28140)
A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on that asset to run arbitrary commands.
At the time of this disclosure, versions before 4.0 are classified as End of Life.
Affected Version:
Qualys Cloud Agent for Windows prior to 4.5.3.1
QID Detection Logic:
Operating System: Windows
The detections checks for QualysAgent.exe versions before 4.5.3.1
Successful exploitation will lead to privilege escalation.
- Q-PVD-2023-01 -
www.qualys.com/security-advisories/cve-2023-28140/ - Q-PVD-2023-03 -
www.qualys.com/security-advisories/cve-2023-28142/
CVEs related to QID 378359
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| Q-PVD-2023-01 |
www.qualys.com/security-advisories/cve-2023-28140/ |
||
| Q-PVD-2023-03 |
www.qualys.com/security-advisories/cve-2023-28142/ |