CVE-2021-44049

Published: Jan 15, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory.

Affected (2)

Products: Cyberark: Endpoint Privilege Manager

Cyberark

1 product

Endpoint Privilege Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cyberark Endpoint Privilege Manager	From 11.5.3.328 to 11.5.4.500
Cyberark Endpoint Privilege Manager	From 11.5.3.328 to 11.5.4.355

Related CWEs

CWE-668

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (8)

https://docs.cyberark.com/Product-Doc/OnlineHelp/EPM-onprem/Latest/en/Content/Release%20Notes/RN-WhatsNew.htm

Source: cve@mitre.org

Vendor Advisory

https://hencohen10.medium.com/cyberark-endpoint-manager-local-privilege-escalation-cve-2021-44049-67cd5e62c3d2

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.cyberark.com/ca21-34/

Source: cve@mitre.org

Permissions RequiredVendor Advisory

https://www.cyberark.com/product-security/

Source: cve@mitre.org

Vendor Advisory

https://docs.cyberark.com/Product-Doc/OnlineHelp/EPM-onprem/Latest/en/Content/Release%20Notes/RN-WhatsNew.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://hencohen10.medium.com/cyberark-endpoint-manager-local-privilege-escalation-cve-2021-44049-67cd5e62c3d2

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.cyberark.com/ca21-34/

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://www.cyberark.com/product-security/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.