Security Advisory Detail

WatchGuard EPDR and AD360 Advanced Protection Bypass Vulnerability via Registry Key

Advisory ID: WGSA-2023-00005
CVE: CVE-2023-26237
Impact: Medium
Status: Resolved
Product Family: Endpoint
Published Date
Updated Date
Workaround Available: True
CVSS Score: 6.7
CVSS Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary

WatchGuard EPDR and Panda AD360 versions up to, and including, 8.00.22.0009 allow an adversary with local access and system privileges to bypass the Advanced Protection feature by setting a Windows registry key. A successful exploit of this vulnerability could allow an attacker to execute a binary that has not completed classification.

Affected

WatchGuard EPDR and Panda AD360 versions before 8.00.22.0010

Resolution

WatchGuard EPDR and Panda AD360 version 8.00.22.0010
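
To find hosts still running an affected build, the sketch below triages an agent inventory export against the fixed version. It is an added example, not WatchGuard code. The CSV columns, hostnames, and the "Other Agent" product are constructed, and it assumes the four version fields are zero-padded integers.

```python
import csv
import io

# Fixed release named in the advisory's Resolution section.
FIXED_VERSION = "8.00.22.0010"
AFFECTED_PRODUCTS = {"WatchGuard EPDR", "Panda AD360"}

def parse_version(text):
    """Turn '8.00.22.0009' into (8, 0, 22, 9); raise ValueError if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    # Assumption: fields are zero-padded integers, so compare them numerically.
    # A plain string compare would rank '8.0.22.10' below '8.00.22.0010'.
    return tuple(int(p) for p in parts)

def is_affected(product, version):
    """True when the product is in scope and the version predates the fix."""
    if product not in AFFECTED_PRODUCTS:
        return False
    return parse_version(version) < parse_version(FIXED_VERSION)

def triage(inventory_csv):
    """Return (affected, unparsed) host lists from a host,product,version CSV."""
    affected, unparsed = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            if is_affected(row["product"], row["version"]):
                affected.append(row["host"])
        except ValueError:
            unparsed.append(row["host"])  # review by hand, do not assume patched
    return affected, unparsed

# Constructed sample inventory (hostnames and column names are hypothetical).
SAMPLE_INVENTORY = """host,product,version
ws-001,WatchGuard EPDR,8.00.22.0009
ws-002,WatchGuard EPDR,8.00.22.0010
ws-003,Panda AD360,8.00.21.0001
ws-004,Panda AD360,8.0.22.10
ws-005,WatchGuard EPDR,unknown
ws-006,Other Agent,1.0.0.0
"""

if __name__ == "__main__":
    affected, unparsed = triage(SAMPLE_INVENTORY)
    print("affected:", affected)
    print("needs manual review:", unparsed)
```

Hosts whose version string cannot be parsed are reported separately so they are not silently counted as patched.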

Credits
Marcos Díaz Castiñeiras (https://www.linkedin.com/in/mdiazcast/) and Antón Ortigueira Vázquez (https://www.linkedin.com/in/antonortigueira/) from BlackArrow (Tarlogic).

Advisory Product List

Product Family | Product Branch | Product List
Endpoint | Panda AD360 | AD360
Endpoint | WatchGuard EPDR | EPP, EDR, EPDR