exploitDog

CVE-2022-43997

Опубликовано: 26 янв. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL_ACCESS rights.

Ссылки

https://gist.github.com/jackullrich/21fcfe75aeb5e18c60b80e684b83d741
Exploit
Third Party Advisory
https://winternl.com/cve-2022-43997/
Exploit
Third Party Advisory
https://gist.github.com/jackullrich/21fcfe75aeb5e18c60b80e684b83d741
Exploit
Third Party Advisory
https://winternl.com/cve-2022-43997/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:aternity:aternity:*:*:*:*:*:*:*:*

Версия до 12.1.4.27 (исключая)

EPSS

Процентиль: 21%

0.00067

Низкий

7.8 High

CVSS3

Дефекты

NVD-CWE-Other

CWE-269

Связанные уязвимости

GHSA-9w89-223r-7hm3

CVSS3: 7.8

github

около 3 лет назад

Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL_ACCESS rights.

EPSS

Процентиль: 21%

0.00067

Низкий

7.8 High

CVSS3

Дефекты

NVD-CWE-Other

CWE-269