CVE-2022-38777

EPSS 0.02%
Veröffentlicht 08.02.2023 21:15:10
Zuletzt bearbeitet 25.03.2025 15:15:14
Quelle bressers@elastic.co
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Elastic ≫ Endgame Version < 3.62.3

Microsoft ≫ Windows Version-

Elastic ≫ Endpoint Security Version < 7.17.9

Microsoft ≫ Windows Version-

Elastic ≫ Endpoint Security Version >= 8.0.0 < 8.5.0

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.052

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://www.elastic.co/community/security

Vendor Advisory

https://discuss.elastic.co/t/elastic-7-17-9-8-5-0-and-8-6-1-security-update/324661

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2022-38777

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-38777

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-38777

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-38777