Vulnerabilities > CVE-2023-29486 - Unspecified vulnerability in Heimdalsecurity Thor

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

heimdalsecurity

critical

NVD

Published: 2023-12-21

Updated: 2024-09-25

Summary

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component. NOTE: Heimdal argues that the limitation described here is a Microsoft Windows issue, not a Heimdal specific vulnerability. The USB control solution by Heimdal is meant to manage Microsoft Windows native USB restrictions. They maintain that their solution functions as a management layer over Windows settings and is not to blame for limitations in Windows' detection capabilities.

Vulnerable Configurations

Part	Description	Count
Application	Heimdalsecurity Heimdalsecurity Thor 2.5.170 Heimdalsecurity Thor 2.5.171 Heimdalsecurity Thor 2.5.172 Heimdalsecurity Thor 2.5.173 Heimdalsecurity Thor 2.6.9 Heimdalsecurity Thor 3.5.3	6
OS	Microsoft Microsoft Windows -	1
OS	Apple Apple Macos -	1

References

https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93