Vulnerabilities > CVE-2023-29145 - Unspecified vulnerability in Malwarebytes Endpoint Detection and Response and Malwarebytes

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

malwarebytes

NVD

Published: 2023-06-30

Updated: 2023-07-11

Summary

The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.

Vulnerable Configurations

Part	Description	Count
Application	Malwarebytes Malwarebytes Malwarebytes - Malwarebytes Malwarebytes 1.0.14 Malwarebytes Endpoint Detection AND Response - Malwarebytes Endpoint Detection AND Response 1.0.11	4

References

https://www.malwarebytes.com/secure/cves/cve-2023-29145
https://malwarebytes.com