Multiple vulnerabilities in Proofpoint Enterprise Protection



Risk Critical
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2023-0089
CVE-2023-0090
CWE-ID CWE-94
Exploitation vector Network
Public exploit N/A
Vulnerable software
Proofpoint Enterprise Protection
Server applications / DLP, anti-spam, sniffers

Vendor Proofpoint

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Code Injection

EUVDB-ID: #VU73183

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0089

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in webutils. A local user can execute arbitrary perl code on the target system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Proofpoint Enterprise Protection: before 8.13.22 patch 4566

CPE2.3 External links

http://www.proofpoint.com/security/security-advisories/pfpt-sa-2023-0001
http://www.proofpoint.com/us/node/124741


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Code Injection

EUVDB-ID: #VU73184

Risk: Critical

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0090

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the webservices API. A remote non-authenticated attacker can send a specially crafted request and execute arbitrary perl code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Proofpoint Enterprise Protection: before 8.13.22 patch 4566

CPE2.3 External links

http://www.proofpoint.com/security/security-advisories/pfpt-sa-2023-0001
http://www.proofpoint.com/us/node/124741


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###