CVE-2026-35099
7.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Lakeside SysTrack Agent 11 before 11.5.0.15 has a race condition with resultant local privilege escalation to SYSTEM. The fixed versions are 11.2.1.28, 11.3.0.38, 11.4.0.24, and 11.5.0.15.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Lakeside Software | SysTrack Agent | 11 < 11.2.1.28 | affected |
| Lakeside Software | SysTrack Agent | 11.3 < 11.3.0.38 | affected |
| Lakeside Software | SysTrack Agent | 11.4 < 11.4.0.24 | affected |
| Lakeside Software | SysTrack Agent | 11.5 < 11.5.0.15 | affected |
Weaknesses
- CWE-362: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://documentation.lakesidesoftware.com/en/Content/Release%20Notes/Agent/11.2.1.28%20Hotfix%20Agent%20Release%20Notes.htm?tocpath=Release%20Notes%7CAgent%7C_____8
- https://documentation.lakesidesoftware.com/en/Content/Release%20Notes/Agent/11_3_xxx%20Hotfix%20Agent%20Release%20Notes.htm?tocpath=Release%20Notes%7CAgent%7C_____6
- https://documentation.lakesidesoftware.com/en/Content/Release%20Notes/Agent/11_4_xxx%20Hotfix%20Agent%20Release%20Notes.htm?tocpath=Release%20Notes%7CAgent%7C_____4
- https://documentation.lakesidesoftware.com/en/Content/Release%20Notes/Agent/11_5_xxx%20Hotfix%20Agent%20Release%20Notes.htm?tocpath=Release%20Notes%7CAgent%7C_____2
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.