exploitDog

CVE-2021-22159

Опубликовано: 26 янв. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. Agents for MacOS, Linux, and ITM Cloud are not affected.

Ссылки

https://www.proofpoint.com/us/security/security-advisories
Vendor Advisory
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0001
Vendor Advisory
https://www.proofpoint.com/us/security/security-advisories
Vendor Advisory
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0001
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*

Версия до 7.4.3 (исключая)

cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*

Версия от 7.5.0 (включая) до 7.5.4 (исключая)

cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*

Версия от 7.6.0 (включая) до 7.6.5 (исключая)

cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*

Версия от 7.7.0 (включая) до 7.7.5 (исключая)

cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*

Версия от 7.8.0 (включая) до 7.8.4 (исключая)

cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*

Версия от 7.9.0 (включая) до 7.9.3 (исключая)

cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*

Версия от 7.10.0 (включая) до 7.10.2 (исключая)

cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*

Версия от 7.11.0.0 (включая) до 7.11.0.25 (исключая)

EPSS

Процентиль: 10%

0.00034

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-52fx-r79r-42fh

CVSS3: 7.8

github

больше 3 лет назад

Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. Agents for MacOS, Linux, and ITM Cloud are not affected.

EPSS

Процентиль: 10%

0.00034

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-306