F Secure Policy Manager
CVE-2023-43762
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15.
AnalysisAI
Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15. Affected products include: Withsecure F-Secure Policy Manager, Withsecure Policy Manager Proxy.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in F Secure Policy Manager
View allArbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with t
Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. Rated medium severity (CVSS 6.1), th
Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10) exists within the F-Secure Policy
Share
External POC / Exploit Code
Leaving vuln.today