Information Disclosure Vulnerability in Proofpoint Threat Response Services
CVE-2023-2820

6.8MEDIUM

Key Information:

Vendor: Proofpoint
Status: Threat Response Auto Pull
Vendor: CVE Published:; 14 June 2023

Summary

A vulnerability present in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) allows attackers on adjacent networks to exploit weaknesses in the faye endpoint. This could enable them to capture session traffic or perform cryptanalysis, potentially exposing credentials to integrated services. With these credentials, an attacker could impersonate PTR/TRAP and gain unauthorized access to sensitive services. Affected versions include all prior to 5.10.0.

Affected Version(s)

Threat Response Auto Pull 0 < 5.10.0

References

https://www.proofpoint.com/security/security-advisories/p...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2023
Vulnerability Reserved
May 19, 2023