CVE-2023-7169

Summary

Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof.This issue affects Snow Inventory Agent: through 6.14.5. Customers advised to upgrade to version 7.0

Affected Software

VendorProductVersion RangeStatus
Snow SoftwareSnow Inventory Agent0 <= 6.14.5affected

Weaknesses

  • CWE-290: CWE-290 Authentication Bypass by Spoofing

Workarounds

Validate all powershell scripts by public hashes 

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References