WebP CVE-2023-4863

Hi, a vulnerability tool I use along with Itarian reports a WebP CVE-2023-4863 in Endpoint Manager Communication Client and in COMODO Client - Communication Updater.

Hi @datalink

Which version of the Communication Client and Comodo Client does it show has the vulnerability?

False alarm: on an older version, “Endpoint Manager Communication Client” v. 8.1.46264.23030 (not the Remote Control client). Anyway, after updating them to the latest version, the CVE is no longer present.

PS: Are the Communication Client and Comodo Client to which you refer not the same thing?

I thought you may have been referring to Comodo Client Security and Comodo (Itarian) Communication Client.

Update: I ran the vulnerability tool again on an endpoint with the latest version of Communication Client and Comodo Client Security and, unlike what I said before, the tool still shows CVE-2023-4863 on the Communication Client, while Comodo Client Security seems to be immune to it.

The latest Communication Client version is 8.3.47427.23090.
Have you updated it already?

Odd, I thought it runs the latest version, since I just downloaded it and manually installed it from the portal, since the update command from the portal seems not to be working.
Anyway, I will try to check the CVE on the latest version or, better, I will send an email to support to ask if the latest version is secure.

Hello,

Thank you for contacting ITarian technical support.

Our back-end team has stated that this is a Chromium engine vulnerability - Security Update Guide - Microsoft Security Response Center

It is not related to ITarian Communication Client.

Regards,
ITarian Support

Hi @datalink

ITarian Agent (Known as “Communication Client”) is different to Xcitium Communication Client in a few ways.

The issue or problem you have identified is, as support state, a Chromium browser issue. As far as I know, and I’m guessing this is right due to support’s answer, there are no Chromium-based browser components inside our agent(s).

Hey there, I am on its previous version and having a similar issue, so where should I take a look for its updated version?

In my case I had to choose enrollment, download the latest version on the endpoint with the older version, rename it to remove the token and install it. Quite tedious.

Hi @tarrybrad

If you have configured the update section of your profile (update section from the ITarian Device group) this will automatically update your agents to your default version.

If your default version is not configured to be the latest you can change this under the settings->Portal Settings area inside Endpoint Manager.

Lastly, if you want to do just one device, you can choose the install tool and do an update function and untick use default, allowing you to choose the version you want to deploy.