CVE-2023-6253

Published: Nov 22, 2023Modified: Feb 13, 2025

6.0

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Exploitability: 0.8 / Impact: 5.2

Source: NVD

Description

A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller key from the memory of the uninstaller file.

Affected (1)

Products: Fortra: Digital Guardian Agent

Fortra

1 product

Digital Guardian Agent

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fortra Digital Guardian Agent	Before 7.9.4

Related CWEs

CWE-922

Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

References (8)

http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html

Source: 551230f0-3615-47bd-b7cc-93e92e730bbf

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2023/Nov/14

Source: 551230f0-3615-47bd-b7cc-93e92e730bbf

ExploitMailing ListThird Party Advisory

https://r.sec-consult.com/fortra

Source: 551230f0-3615-47bd-b7cc-93e92e730bbf

ExploitThird Party Advisory

https://www.fortra.com/security

Source: 551230f0-3615-47bd-b7cc-93e92e730bbf

Product

http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2023/Nov/14

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://r.sec-consult.com/fortra

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.fortra.com/security

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.