CVE-2023-28142 MEDIUM

CVE-2023-28142: Race Condition

Vendor Qualys
Product Cloud Agent
Weakness CWE-362
Published April 18, 2023
Last update March 3, 2025

CVSS base score

6.7/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A race condition exists in the Qualys Cloud Agent for Windows in versions from 3.1.3.34 up to, but not including, 4.5.3.1. It allows attackers to escalate privileges, limited to the local machine, during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM-level privileges on that asset to run arbitrary commands. At the time of this disclosure, versions before 4.0 are classified as End of Life.

Key dates

02 Disclosure timeline

April 18, 2023 CVE published
March 3, 2025 Record updated