-
-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2023-23397 check not sufficient - FP #19
Comments
Yeah its hard when doing a lot of these scans and trying to keep them lightweight. Maybe it should be Vulnerable with a caveat that you should do a targettied check to confirm it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The script says that my system is prone to CVE-2023-23397.
Going after the debug log, it says so because it validated that the UNC path is in the wav file!?
If that is true, this is not a proof for being vulnerable. For that you would need to spin up something like responder to which the system that received the mail and opened the appointment actually would connect and auth to.
Testing this only locally seems to make no sense from my current perspective.
Also my system is up-to-date with all patches applied, so anyways should not be vulnerable.
The text was updated successfully, but these errors were encountered: