CVE-2023-29485
CRITICAL
Heimdal Thor < 3.5.3 - Unauthenticated Arbitrary Code Execution via DarkLayer Guard Module
Title source: llm
Description
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS that allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via the DarkLayer Guard threat prevention module. NOTE: Heimdal disputes the validity of this issue, arguing that their DNS Security for Endpoint filters DNS traffic on the endpoint by intercepting system-generated DNS requests. The product was not designed to intercept DNS requests from third-party solutions.
References (1)
Core References
Exploit, Third Party Advisory
https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93
Scores
CVSS v3
9.8
EPSS
0.0096
EPSS Percentile
56.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (1)
heimdalsecurity/thor
< 3.5.3
Published
Dec 21, 2023
Tracked Since
Feb 18, 2026