SB2023042023 - Multiple vulnerabilities in APM Synthetic Playback Agent

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023042023

SB2023042023 - Multiple vulnerabilities in APM Synthetic Playback Agent

Published: April 20, 2023

Security Bulletin ID SB2023042023
Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Spoofing attack (CVE-ID: CVE-2023-25730)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to the possibility of screen hijacking. A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks.


2) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2023-25729)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to missing permissions prompts for opening external schemes were only shown for ContentPrincipals. A malicious extension can open external schemes without user interaction via ExpandedPrincipals and perform other potentially dangerous actions, such as downloading files or interacting with software already installed on the system.


3) Input validation error (CVE-ID: CVE-2023-25742)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Web Crypto ImportKey when importing SPKI RSA public key as ECDSA P-256. A remote attacker can trick the victim to import the public key and crash the browser tab.


4) Security features bypass (CVE-ID: CVE-2023-25734)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error when handling Windows .url shortcuts that are opened by the browser from the local filesystem. A remote attacker can trick the victim into launching a specially crafted shortcut that then initiates network requests from the operating system to the malicious server. A remote attacker can obtain potentially sensitive information including NTLM credentials.

Note, the vulnerability affects Windows installations only.



5) Out-of-bounds read (CVE-ID: CVE-2023-25738)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a missing validation of members of the DEVMODEW struct set by the printer device driver while printing web page in Windows. A remote attacker can trick the victim to print a specially crafted web page and crash the browser.

Note, the vulnerability affects Windows installations only.


6) Information disclosure (CVE-ID: CVE-2023-25728)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the Content-Security-Policy-Report-Only header can leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. A remote attacker can gain access to potentially sensitive information.


Remediation

Install update from vendor's website.

References