Controlup

controlup

3 CVEs • 3 products

Products (3)

Click to collapse

Toggle

Controlup Agent

controlup_agent

Real Time Agent

real-time_agent

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-27905 1Controlup 1Controlup Nov 21, 2024 Apr 27, 2022 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.
CVE-2021-45912 1Controlup 1Real Time Agent Nov 21, 2024 Jan 4, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method.
CVE-2021-45913 1Controlup 1Controlup Agent Nov 21, 2024 Jan 4, 2022 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel.