CVE-2023-28142
MEDIUMQualys Cloud Agent 3.1.3.34-4.5.3.1 - Privilege Escalation via Uninstall Race Condition
Title source: llmDescription
A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on that asset to run arbitrary commands. At the time of this disclosure, versions before 4.0 are classified as End of Life.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://www.qualys.com/security-advisories/
Scores
CVSS v3
6.7
EPSS
0.0013
EPSS Percentile
3.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-362
Status
published
Products (1)
qualys/cloud_agent
3.1.3.34 - 4.5.3.1
Published
Apr 18, 2023
Tracked Since
Feb 18, 2026