CVE-2022-43997

Published: Jan 26, 2023Modified: Apr 1, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL_ACCESS rights.

Affected (1)

Products: Aternity: Aternity

Aternity

1 product

Aternity

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Aternity Aternity	Before 12.1.4.27

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

https://gist.github.com/jackullrich/21fcfe75aeb5e18c60b80e684b83d741

Source: cve@mitre.org

ExploitThird Party Advisory

https://winternl.com/cve-2022-43997/

Source: cve@mitre.org

ExploitThird Party Advisory

https://gist.github.com/jackullrich/21fcfe75aeb5e18c60b80e684b83d741

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://winternl.com/cve-2022-43997/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.