PT-2019-15888 · Secureworks · Secureworks Red Cloak Windows Agent

Publicado

2019-12-06

Atualizado

2019-12-17

CVE-2019-19620

CVSS v3.1

3.3

Baixa

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions SecureWorks Red Cloak Windows Agent versions prior to 2.0.7.9

Description A local user can bypass the generation of telemetry alerts by removing NT AUTHORITYSYSTEM permissions from a file, which is limited in scope to the collection of process-execution telemetry for executions against specific files where the SYSTEM user was denied access to the source file.

Recommendations For SecureWorks Red Cloak Windows Agent versions prior to 2.0.7.9, update to version 2.0.7.9 or later to resolve the issue.

Exploit

Correção

Improper Preservation of Permissions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-281

Identificadores relacionados

CVE-2019-19620

Produtos afetados

Secureworks Red Cloak Windows Agent

PT-2019-15888 · Secureworks · Secureworks Red Cloak Windows Agent

CVE-2019-19620

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5