CVE-2023-4589 — CRITICAL (9.1)

Vulnerability Description

Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital signatures and fails to validate the integrity of the update package, allowing the attacker to inject malicious applications during the update.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Delinea	Secret Server	10.9.000002

Related Weaknesses (CWE)

CWE-345

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-deliThird Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-deliThird Party Advisory

FAQ

What is CVE-2023-4589?

CVE-2023-4589 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without pro...

How severe is CVE-2023-4589?

CVE-2023-4589 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-4589?

Check the references section above for vendor advisories and patch information. Affected products include: Delinea Secret Server.