CVE-2022-43997

Exploit

EPSS 0.1%
Veröffentlicht 26.01.2023 21:17:50
Zuletzt bearbeitet 01.04.2025 16:15:16
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL_ACCESS rights.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Aternity ≫ Aternity Version < 12.1.4.27

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.276

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://gist.github.com/jackullrich/21fcfe75aeb5e18c60b80e684b83d741

Third Party Advisory

Exploit

https://winternl.com/cve-2022-43997/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-43997

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-43997

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-43997

EUVD