Insider Threat: Bypass Temporary Fix Can Be Circumvented
CVE-2024-0313

5.5MEDIUM

Key Information:

Vendor: Skyhigh
Status: Skyhigh Client Proxy
Vendor: CVE Published:; 14 March 2024

What is CVE-2024-0313?

A malicious insider exploiting this vulnerability can circumvent existing security controls put in place by the organization. On the contrary, if the victim is legitimately using the temporary bypass to reach out to the Internet for retrieving application and system updates, a remote device could target it and undo the bypass, thereby denying the victim access to the update service, causing it to fail.

Affected Version(s)

Skyhigh Client Proxy Windows 4.8.1

References

https://kcm.trellix.com/corporate/index?page=content&id=S...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 14, 2024
Vulnerability Reserved
Jan 8, 2024

Credit

Winston Ho (@violenttestpen)