CVE-2024-0313

Published: Mar 14, 2024

Modified: Aug 2, 2024

PUBLISHED

CVSS v3.1

5.5

MEDIUM

Description

A malicious insider exploiting this vulnerability can circumvent existing security controls put in place by the organization. On the contrary, if the victim is legitimately using the temporary bypass to reach out to the Internet for retrieving application and system updates, a remote device could target it and undo the bypass, thereby denying the victim access to the update service, causing it to fail.

Vendor	Product	Versions
Skyhigh	Skyhigh Client Proxy	affected `4.8.1`

Weaknesses (CWE)

CWE-670

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

References

https://kcm.trellix.com/corporate/index?page=content&id=SB10418

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-0313

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References