CVE-2022-38775

Опубликовано: 26 янв. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

Ссылки

https://discuss.elastic.co/t/endpoint-security-8-4-1-security-statement/323753
Vendor Advisory
https://www.elastic.co/community/security
Vendor Advisory
https://discuss.elastic.co/t/endpoint-security-8-4-1-security-statement/323753
Vendor Advisory
https://www.elastic.co/community/security
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:elastic:endpoint_security:*:*:*:*:*:*:*:*

Версия до 8.4.1 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00141

Низкий

7.8 High

CVSS3

Дефекты

CWE-269

NVD-CWE-noinfo

Связанные уязвимости

GHSA-w54m-96qg-mxgp