PT-2018-10066 · Cylance · Cylanceprotect
Ryan Hanson
·
Publicado
2018-05-04
·
Atualizado
2018-06-13
·
CVE-2018-10722
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cylance CylancePROTECT versions prior to 1470
Description
The issue allows an unprivileged local user to obtain SYSTEM privileges. This is possible because users have Modify access to the %PROGRAMFILES%CylanceDesktoplog folder. The CyUpdate process grants users Modify access to new files created in this folder. An attacker can create a new file that is a symlink chain to a pathname of an arbitrary DLL that CyUpdate uses.
Recommendations
For versions prior to 1470, update to version 1470 or later to resolve the issue. As a temporary workaround, consider restricting access to the %PROGRAMFILES%CylanceDesktoplog folder to prevent users from creating malicious symlinks.
Exploit
Correção
Link Following
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cylanceprotect