CVE-2019-9627

Published: Mar 8, 2019Modified: Nov 21, 2024

7.0

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: NVD

Description

A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path.

Affected (1)

Products: Cyberark: Endpoint Privilege Manager

1 product

Endpoint Privilege Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cyberark Endpoint Privilege Manager	Before 10.7

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

http://www.securityfocus.com/bid/107387

Source: cve@mitre.org

Broken Link

http://www.securityfocus.com/bid/107852

Source: cve@mitre.org

Broken Link

https://www.nccgroup.trust/us/our-research/technical-advisory-cyberark-epm-non-paged-pool-buffer-overflow/

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/107387

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.securityfocus.com/bid/107852

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.nccgroup.trust/us/our-research/technical-advisory-cyberark-epm-non-paged-pool-buffer-overflow/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.