Elastic 7.17.9, 8.5.0 and 8.6.1 Security Update

Kibana authenticated Denial of Service issue (ESA-2023-02)

A flaw (CVE-2022-38900) was discovered in one of Kibana's third-party dependencies that could allow an authenticated user to perform a request that crashes the Kibana server process.

Affected Versions:

Kibana Versions 7.0.0 through 7.17.8 and 8.0.0 through 8.6.0

Solutions and Mitigations:

Users are advised to upgrade to 7.17.9 or 8.6.1.

CVSSv3: 6.5 (Medium) - AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE ID: CVE-2022-38778


Elastic Endpoint Security Local Privilege Escalation issue (ESA-2023-01)

An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

Affected Versions:

Elastic Security versions up to 7.17.8 and 8.4.3

Elastic Endgame versions up to 3.62.2

Elastic Endpoint Security Solutions and Mitigations:

The issue is fixed in versions 7.17.9 and 8.5.0 of the Elastic Endpoint.

If you are unable to upgrade, a partial workaround is to disable the quarantine feature in Advanced Policy by setting windows.advanced.malware.quarantine to false. If this is done, Elastic Endpoint will still block malware when in prevent mode but will not quarantine it. This workaround only partially mitigates the issue. For a complete solution, please upgrade to 7.17.9 or 8.5.0.

Elastic Endgame Security Solutions and Mitigations:

The issue is fixed in version 3.62.3 of the Endgame Sensor.

If you are unable to upgrade, a partial workaround is to disable the affected code by ensuring the following policy settings are not set to Prevent and Quarantine:

  • MALWARE (WINDOWS)
  • MALICIOUS OFFICE FILE (WINDOWS)
  • BLOCKLIST

This workaround only partially mitigates the issue. For a complete solution, please upgrade to 3.62.3.
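As an added triage helper covering both partial workarounds above (example code, not Elastic's own), the script below classifies a fleet inventory by the version ranges and policy settings the advisory names; the inventory format is an assumption, not a Fleet or Endgame API shape.

```python
# Added example (not Elastic's code): fleet triage helper for ESA-2023-01.
# Version ranges and policy names come from the advisory; the inventory format
# is a constructed assumption, not a Fleet or Endgame API shape.
from typing import Dict, List

def parse_version(text: str) -> tuple:
    return tuple(int(part) for part in text.split(".")[:3])

RANGES = {  # per product and release branch: (last affected, first fixed)
    "endpoint": {7: ((7, 17, 8), (7, 17, 9)), 8: ((8, 4, 3), (8, 5, 0))},
    "endgame": {3: ((3, 62, 2), (3, 62, 3))},
}

def version_status(product: str, version: str) -> str:
    """affected | fixed | unlisted (between last affected and first fixed,
    a gap the advisory does not name) | out-of-scope (branch not covered)."""
    v = parse_version(version)
    branch = RANGES.get(product, {}).get(v[0])
    if branch is None:
        return "out-of-scope"
    last_affected, first_fixed = branch
    if v >= first_fixed:
        return "fixed"
    return "affected" if v <= last_affected else "unlisted"

def workaround_applied(product: str, policy: dict) -> bool:
    """Partial workaround from the advisory: Endpoint quarantine disabled, or
    none of the three Endgame protections set to Prevent and Quarantine."""
    if product == "endpoint":
        return policy.get("windows.advanced.malware.quarantine") is False
    watched = ("MALWARE (WINDOWS)", "MALICIOUS OFFICE FILE (WINDOWS)", "BLOCKLIST")
    return all(policy.get(name) != "Prevent and Quarantine" for name in watched)

def triage(hosts: List[dict]) -> Dict[str, str]:
    """host -> fixed | mitigated (partial workaround only; still upgrade) |
    exposed | unlisted | out-of-scope."""
    result = {}
    for h in hosts:
        status = version_status(h["product"], h["version"])
        if status == "affected":
            status = "mitigated" if workaround_applied(h["product"], h["policy"]) else "exposed"
        result[h["host"]] = status
    return result

SAMPLE_HOSTS = [  # constructed inventory, not real hosts
    {"host": "ws01", "product": "endpoint", "version": "8.4.3",
     "policy": {"windows.advanced.malware.quarantine": True}},
    {"host": "ws02", "product": "endpoint", "version": "7.17.8",
     "policy": {"windows.advanced.malware.quarantine": False}},
    {"host": "srv01", "product": "endgame", "version": "3.62.2",
     "policy": {"MALWARE (WINDOWS)": "Prevent and Quarantine"}},
]
```

Hosts reported as "mitigated" still need the upgrade; "unlisted" flags builds that fall between the last affected and first fixed release the advisory names, which should be confirmed with the vendor rather than assumed safe.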

CVSSv3: 7.5 (High) - AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE ID: CVE-2022-38777
