PT-2019-15888 · Secureworks · Secureworks Red Cloak Windows Agent

Published 2019-12-06 · Updated 2019-12-17 · CVE-2019-19620

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SecureWorks Red Cloak Windows Agent versions prior to 2.0.7.9

Description

A local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. The impact is limited in scope to the collection of process-execution telemetry for executions against specific files where the SYSTEM user was denied access to the source file.

Recommendations

For SecureWorks Red Cloak Windows Agent versions prior to 2.0.7.9, update to version 2.0.7.9 or later to resolve the issue.

Exploit

Fix

Improper Preservation of Permissions

Weakness Enumeration

Related Identifiers

CVE-2019-19620

Affected Products

Secureworks Red Cloak Windows Agent