Описание
Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory against renaming. This could allow attackers to trigger a crash or wait upon Webroot service restart to rewrite and hijack dlls in this directory for privilege escalation.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 9.0.28.48 (исключая)
cpe:2.3:a:webroot:endpoint_agents:*:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00043
Низкий
7.8 High
CVSS3
6.9 Medium
CVSS2
Дефекты
CWE-732
Связанные уязвимости
github
больше 3 лет назад
Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory against renaming. This could allow attackers to trigger a crash or wait upon Webroot service restart to rewrite and hijack dlls in this directory for privilege escalation.
EPSS
Процентиль: 13%
0.00043
Низкий
7.8 High
CVSS3
6.9 Medium
CVSS2
Дефекты
CWE-732