CVE-2023-43765
Description
Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A denial-of-service vulnerability exists in the aeelf component of WithSecure products, allowing memory corruption when a crafted document file is scanned.
Vulnerability
The vulnerability resides in the aeelf component of multiple WithSecure security products. It allows a denial-of-service (DoS) attack by causing a crash when scanning a specially crafted document file. Affected versions include: WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant 1.0.35-1 [1].
Exploitation
An attacker can trigger the vulnerability by providing a malicious document file to be scanned by the affected product. The attack vector is local or remote depending on the product deployment (e.g., a file delivered via email or web download). No authentication is required if the scanning occurs automatically; user interaction is limited to the victim opening or receiving the file.
Impact
Successful exploitation results in a crash of the aeelf component, causing a denial of service. The attacker can cause the security product to fail, potentially leaving the system unprotected temporarily until the service is restarted. There is no evidence of code execution or privilege escalation.
Mitigation
WithSecure has released security advisories; users should update to fixed versions as per vendor guidance [1]. For specific version fix details, refer to WithSecure's official advisory. No workaround is documented. The vulnerability is not listed in CISA KEV as of September 2023.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (9)
- WithSecure/WithSecure Client Security
- Range: = 1.0.35-1
- Range: = 12.0
- Range: = 15
- Range: = 12.0
- Range: = 15
- Range: = 15
- Range: = 15
- Range: >= 17
Patches
No patches discovered yet.
References (2)
News mentions
No linked articles in our index yet.