CVE-2022-38777
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Elastic | Elastic Endpoint Security | Elastic Security versions up to 7.17.8 and 8.4.3 and Elastic Endgame versions up to 3.62.2 | affected |
Weaknesses
- CWE-269: CWE-269
ADP Enrichment
CVE Program Container
Additional References
- https://www.elastic.co/community/security
- https://discuss.elastic.co/t/elastic-7-17-9-8-5-0-and-8-6-1-security-update/324661
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.elastic.co/community/security
- https://discuss.elastic.co/t/elastic-7-17-9-8-5-0-and-8-6-1-security-update/324661
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.