CVE-2022-38774

Summary

An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

Affected Software

VendorProductVersion RangeStatus
ElasticElastic Endpoint Security and Elastic Endgame SecurityElastic Security versions up to 7.17.6 and 8.3.3 and Elastic Endgame versions up to 3.62.2affected

Weaknesses

  • CWE-269: CWE-269

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References