PT-2022-14053 · Okta · Okta Active Directory Agent
Published: 2022-09-06 · Updated: 2022-09-16 · CVE-2022-1697
CVSS v3.1: 3.9 (Low)
Vector: AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Okta Active Directory Agent versions 3.8.0 through 3.11.0
Description
The Okta Active Directory Agent installs the Okta AD Agent Update Service with an unquoted service path, which can lead to privilege escalation.
Recommendations
For Okta Active Directory Agent versions 3.8.0 through 3.11.0, uninstall the current version and reinstall Okta Active Directory Agent 3.12.0 or greater, following the provided documentation.
Affected Products
Okta Active Directory Agent