Improper certificate validation in Proofpoint Insider Threat Management agent for macOS
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-4801 |
| CWE-ID | CWE-295 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Insider Threat Management Agent for macOS Client/Desktop applications / Software for system administration |
| Vendor |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Improper Certificate Validation
EUVDB-ID: #VU80805
Risk: Medium
CVSSv3.1: 7.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4801
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper certification validation. A remote attacker with ability to intercept communication between agent and server can perform MitM attack and compromise the vulnerable agent.
Install updates from vendor's website.
Vulnerable software versionsInsider Threat Management Agent for macOS: before 7.15.0
External linkshttp://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-006
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
