CVE-2022-38777

Summary

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

Affected Software

VendorProductVersion RangeStatus
ElasticElastic Endpoint SecurityElastic Security versions up to 7.17.8 and 8.4.3 and Elastic Endgame versions up to 3.62.2affected

Weaknesses

  • CWE-269: CWE-269

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References