PT-2018-10066 · Cylance · Cylanceprotect

Ryan Hanson · Published 2018-05-04 · Updated 2018-06-13 · CVE-2018-10722

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cylance CylancePROTECT versions prior to 1470

Description

The issue allows an unprivileged local user to obtain SYSTEM privileges. This is possible because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder. The CyUpdate process grants users Modify access to new files created in this folder. An attacker can create a new file that is a symlink chain to a pathname of an arbitrary DLL that CyUpdate uses.

Recommendations

For versions prior to 1470, update to version 1470 or later to resolve the issue. As a temporary workaround, consider restricting access to the %PROGRAMFILES%\Cylance\Desktop\log folder to prevent users from creating malicious symlinks.
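
To check whether a host is still in the state the workaround targets, the following added example (not code from the advisory or from Cylance) lists Allow ACEs that give non-administrative principals write-type rights on the log folder and its files, and flags reparse points found there. The default install path and the list of trusted SIDs are assumptions.

```powershell
# Added example: audit the log folder named in the advisory.
# Assumption: default install location; change $LogDir for a custom path.
$LogDir = Join-Path $env:ProgramFiles 'Cylance\Desktop\log'

# Assumption: only these principals are expected to hold write-type rights.
$TrustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER (harmless once untrusted users cannot create files)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow creating, replacing or re-permissioning files, plus the
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits some ACEs carry.
$WriteMask = ([int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership') -bor 0x50000000

function Get-RiskyAce {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Ask for SIDs directly so unresolved or renamed accounts are still compared correctly.
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $TrustedSids -notcontains $_.IdentityReference.Value -and
            ([int]$_.FileSystemRights -band $WriteMask)
        } |
        ForEach-Object {
            [pscustomobject]@{
                Path    = $Path
                Finding = 'Write-type ACE for untrusted principal'
                Detail  = '{0}: {1}' -f $_.IdentityReference.Value, $_.FileSystemRights
            }
        }
}

if (-not (Test-Path -LiteralPath $LogDir)) { Write-Output "Not found: $LogDir"; return }

$findings = @(Get-RiskyAce -Path $LogDir)
$findings += Get-ChildItem -LiteralPath $LogDir -Force | ForEach-Object {
    if ($_.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
        # A link inside the log folder is the precondition the advisory describes.
        [pscustomobject]@{ Path = $_.FullName; Finding = 'Reparse point in log folder'; Detail = $_.Attributes }
    } else {
        Get-RiskyAce -Path $_.FullName
    }
}

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap } else { Write-Output "No findings for $LogDir" }
```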

Exploit

Fix

Link Following

Weakness Enumeration

Related Identifiers

CVE-2018-10722

Affected Products

Cylanceprotect