Vulnerabilities > CVE-2023-29487 - Unspecified vulnerability in Heimdalsecurity Thor

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

heimdalsecurity

critical

NVD

Published: 2023-12-21

Updated: 2024-09-25

Summary

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. NOTE: Heimdal asserts this is not a valid vulnerability. Their DNS Security for Endpoint solution includes an optional feature to provide extra information on the originating process that made a DNS request. The lack of process identification in DNS logs is therefore falsely categorized as a DoS issue.

Vulnerable Configurations

Part	Description	Count
Application	Heimdalsecurity Heimdalsecurity Thor 2.5.170 Heimdalsecurity Thor 2.5.171 Heimdalsecurity Thor 2.5.172 Heimdalsecurity Thor 2.5.173 Heimdalsecurity Thor 2.6.9 Heimdalsecurity Thor 3.5.3	6
OS	Microsoft Microsoft Windows -	1
OS	Apple Apple Macos -	1

References

https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93