CVE-2023-29820

Published: May 12, 2023Modified: Jan 24, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor's perspective is that this is not a separate vulnerability relative to CVE-2023-29818 and CVE-2023-29819.

Affected (1)

Products: Webroot: Secureanywhere

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Webroot Secureanywhere	Up to 9.0.33.39

Related CWEs

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (6)

http://secureanywhere.com

Source: cve@mitre.org

Product

http://webroot.com

Source: cve@mitre.org

Product

https://www.spenceralessi.com/CVEs/2023-05-10-Webroot-SecureAnywhere/

Source: cve@mitre.org

Third Party Advisory

http://secureanywhere.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

http://webroot.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.spenceralessi.com/CVEs/2023-05-10-Webroot-SecureAnywhere/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.