CVE-2019-19620

Published: Dec 6, 2019Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the SYSTEM user was denied access to the source file.

Affected (1)

Products: Dell: Red Cloak Windows Agent

1 product

Red Cloak Windows Agent

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Red Cloak Windows Agent	Before 2.0.7.9

Related CWEs

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (4)

https://medium.com/%40CowbellSteve/secureworks-red-cloak-local-bypass-bfaed2be407e

Source: cve@mitre.org

https://www.secureworks.com/resources/ds-aetd-red-cloak-data-sheet

Source: cve@mitre.org

Vendor Advisory

https://medium.com/%40CowbellSteve/secureworks-red-cloak-local-bypass-bfaed2be407e

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.secureworks.com/resources/ds-aetd-red-cloak-data-sheet

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.