Strix
26.1K

CVE-2023-2226

MEDIUMCVSS 5.3/10EPSS 0.38%

Last modified

CVE-2023-2226 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files.  For this attack to succeed, the attacker needs to be able to introduce malicious files to the system at the same time that Velociraptor attempts to collect any artifacts that attempt to parse PE files, Authenticode signatures, or OLE files. After crashing, the Velociraptor service will restart and it will still be possible to collect other artifacts. . EPSS estimates a 0.38% chance of exploitation in the next 30 days.

Description

Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files.  For this attack to succeed, the attacker needs to be able to introduce malicious files to the system at the same time that Velociraptor attempts to collect any artifacts that attempt to parse PE files, Authenticode signatures, or OLE files. After crashing, the Velociraptor service will restart and it will still be possible to collect other artifacts.

Metrics

CVSS 3.1
5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Probability
0.38%

30.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Rapid7Velociraptor< 0.6.8

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-2226?
Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files.  For this attack to succeed, the attacker needs to be able to introduce malicious files to the system at the same time that Velociraptor attempts to collect any artifacts that attempt to parse PE files, Authenticode signatures, or OLE files. After crashing, the Velociraptor service will restart and it will still be possible to collect other artifacts.
How severe is CVE-2023-2226?
CVE-2023-2226 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.38% probability of exploitation in the next 30 days.
How do I fix CVE-2023-2226?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-2226?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST