Cisco Secure Endpoint for Windows: Local Auth Timing Attack Evades Protection
CVE-2023-20084 Published on November 22, 2023

A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled.

NVD

Vulnerability Analysis

CVE-2023-20084 is exploitable with local system access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Weakness Type

Incomplete Model of Endpoint Features

A product acts as an intermediary or monitor between two or more endpoints, but it does not have a complete model of an endpoint's features, behaviors, or state, potentially causing the product to perform incorrect actions based on this incomplete model.

Products Associated with CVE-2023-20084

stack.watch emails you whenever new vulnerabilities are published in Cisco Secure Endpoint or Cisco Secure Endpoint Private Cloud. Just hit a watch button to start following.

Cisco Secure Endpoint

Cisco Secure Endpoint Private Cloud

Affected Versions

Cisco Secure Endpoint:

Version 6.0.9 is affected.
Version 6.0.7 is affected.
Version 6.1.5 is affected.
Version 6.1.7 is affected.
Version 6.1.9 is affected.
Version 6.2.1 is affected.
Version 6.2.5 is affected.
Version 6.2.19 is affected.
Version 6.2.3 is affected.
Version 6.2.9 is affected.
Version 6.3.5 is affected.
Version 6.3.1 is affected.
Version 6.3.7 is affected.
Version 6.3.3 is affected.
Version 7.0.5 is affected.
Version 7.1.1 is affected.
Version 7.1.5 is affected.
Version 7.2.13 is affected.
Version 7.2.7 is affected.
Version 7.2.3 is affected.
Version 7.2.11 is affected.
Version 7.2.5 is affected.
Version 7.3.1 is affected.
Version 7.3.9 is affected.
Version 7.3.3 is affected.
Version 7.3.5 is affected.
Version 8.1.7 is affected.
Version 8.1.5 is affected.
Version 8.1.3.21242 is affected.
Version 8.1.7.21512 is affected.
Version 8.1.3 is affected.
Version 8.1.5.21322 is affected.
Version 8.1.7.21417 is affected.

Exploit Probability

EPSS

0.10%

Percentile

28.14%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.