CVE-2022-43997

Name of the Vulnerable Software and Affected Versions Riverbed Aternity versions prior to 12.1.4.27

Description The issue is related to incorrect access control in the Aternity agent, allowing for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS ALL ACCESS rights.

Recommendations For versions prior to 12.1.4.27, update to version 12.1.4.27 or later to resolve the issue. As a temporary workaround, consider restricting access to the A180AG.exe SYSTEM process to minimize the risk of exploitation.