Cyber Resilience

CVE-2023-31497

HighPublic PoC

Published: 11 May 2023

Published
11 May 2023
Modified
27 January 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0396 88.6th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-31497 is a high-severity an unspecified weakness vulnerability in Seqrite End Point Security. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 11.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2023-31497 is an incorrect access control vulnerability in Quick Heal Technologies Limited Seqrite Endpoint Security (EPS) affecting all versions prior to v8.0. The flaw enables local privilege escalation to root by supplying a crafted binary to the target system and is rated 7.8 under CVSS 3.1.

An attacker with a local account and low privileges can exploit the weakness without user interaction to obtain root-level control on systems running the vulnerable endpoint protection software. Public proof-of-concept code for the attack has been released on GitHub.

The EPSS score has remained in a moderate range near 0.12 with no material rise after disclosure.

EU & UK References

Vulnerability details

Incorrect access control in Quick Heal Technologies Limited Seqrite Endpoint Security (EPS) all versions prior to v8.0 allows attackers to escalate privileges to root via supplying a crafted binary to the target system.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

seqrite
end point security
≤ 8.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References