CVE-2023-42524
📋 TL;DR
This vulnerability allows an attacker to cause a denial of service by triggering an infinite loop in the scanning engine of affected WithSecure security products. The infinite loop can be triggered by submitting unspecified file types to the scanning engine, potentially causing resource exhaustion and service disruption. Affected users include organizations running WithSecure Client Security, Server Security, Email and Server Security, Elements Endpoint Protection, Linux Security, and Atlant products.
💻 Affected Systems
- WithSecure Client Security
- WithSecure Server Security
- WithSecure Email and Server Security
- WithSecure Elements Endpoint Protection
- WithSecure Client Security for Mac
- WithSecure Elements Endpoint Protection for Mac
- Linux Security 64
- Linux Protection
- WithSecure Atlant
📦 What is this software?
Atlant by Withsecure
Client Security by Withsecure
Client Security by Withsecure
Linux Protection by Withsecure
Linux Security 64 by Withsecure
Server Security by Withsecure
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service on affected security products, potentially disabling security monitoring and leaving systems unprotected while requiring manual intervention to restore functionality.
Likely Case
Degraded performance or temporary service disruption of security scanning functions, potentially allowing malicious files to bypass detection during the outage.
If Mitigated
Minimal impact with proper monitoring and rapid response procedures in place to restart affected services.
🎯 Exploit Status
The vulnerability requires submitting specific file types to trigger the infinite loop, but no public exploit details are available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched versions
Vendor Advisory: https://www.withsecure.com/en/support/security-advisories
Restart Required: Yes
Instructions:
1. Check the WithSecure security advisory for specific patch versions. 2. Update affected products to the latest patched version. 3. Restart the security services after patching. 4. Verify the update was successful.
🔧 Temporary Workarounds
Temporary scanning bypass
allTemporarily disable scanning for unknown file types or implement file type restrictions
Resource monitoring and restart
allImplement monitoring for scanning engine resource consumption and automatic restart procedures
🧯 If You Can't Patch
- Implement strict file upload controls and filtering for unknown file types
- Deploy additional monitoring for scanning engine processes and implement automated alerting for abnormal resource consumption
🔍 How to Verify
Check if Vulnerable:
Check product version against affected versions listed in the WithSecure advisoryCheck Version:
Check product-specific documentation for version query commands (varies by product)Verify Fix Applied:
Verify product version has been updated to a version not listed in the advisory as vulnerable📡 Detection & Monitoring
Log Indicators:
- Scanning engine process consuming 100% CPU for extended periods
- Repeated scanning failures for specific file types
- Service restart events for security scanning components
Network Indicators:
- Unusual file upload patterns to systems with affected products
- Increased scanning latency or timeouts
SIEM Query:
process_name:"scanning_engine" AND cpu_usage:>95% AND duration:>5min