CVE-2023-29081

Published: Jan 26, 2024Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service (DoS) condition when handling move operations on local, temporary folders.

Affected (20)

Products: Flexera: Installshield

Flexera

1 product

Installshield

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Flexera Installshield	Version 2016
Flexera Installshield	Version 2016 sp1
Flexera Installshield	Version 2016 sp2
Flexera Installshield	Version 2017
Flexera Installshield	Version 2017 sp1
Flexera Installshield	Version 2018
Flexera Installshield	Version 2018 r2
Flexera Installshield	Version 2018 sp1
Flexera Installshield	Version 2019
Flexera Installshield	Version 2019 r2
Flexera Installshield	Version 2019 r3
Flexera Installshield	Version 2020
Flexera Installshield	Version 2020 r2
Flexera Installshield	Version 2020 r3
Flexera Installshield	Version 2020 r3sp1
Flexera Installshield	Version 2021 r1
Flexera Installshield	Version 2021 r2
Flexera Installshield	Version 2022 r1
Flexera Installshield	Version 2022 r2
Flexera Installshield	Version 2023 r1

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2023-29081-InstallShield-Symlink-Vulnerability-Affecting/ta-p/305052

Source: PSIRT-CNA@flexerasoftware.com

Third Party Advisory

https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2023-29081-InstallShield-Symlink-Vulnerability-Affecting/ta-p/305052

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.