Insufficient verification of data authenticity vulnerability in Delinea Secret Server
CVE-2023-4589

9.1CRITICAL

Key Information:

Vendor

Delinea

Status
Secret Server
Vendor
CVE Published:
6 September 2023

What is CVE-2023-4589?

Delinea Secret Server version 10.9.000002 is vulnerable due to insufficient verification mechanisms for data authenticity during software updates. An attacker with administrative privileges can exploit this vulnerability by executing updates that lack proper integrity checks and digital signatures. This failure in the verification process permits the injection of malicious applications into the system under the guise of legitimate updates, posing significant security risks.

Affected Version(s)

Secret Server v10.9.000002

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

HĂ©ctor de Armas PadrĂłn (@3v4SI0N)
.