Vulnerability Details CVE-2023-28140
An Executable Hijacking condition exists in the
Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers
may load a malicious copy of a Dependency Link Library (DLL) via a local
attack vector instead of the DLL that the application was expecting, when
processes are running with escalated privileges. This vulnerability
is bounded only to the time of uninstallation and can only be exploited
locally.
At the time of this disclosure, versions before 4.0 are classified as End of
Life.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 36.1%
CVSS Severity
CVSS v3 Score 6.7
Products affected by CVE-2023-28140
-
cpe:2.3:a:qualys:cloud_agent:3.1.3.34