Lucene search

[email protected]NVD:CVE-2022-36670

HistorySep 06, 2022 - 7:15 p.m.

CVE-2022-36670

2022-09-0619:15:08

CWE-732

[email protected]

web.nvd.nist.gov

pcprotect

endpoint

vulnerability

tamper protection

microsoft windows

administrator privileges

escalate privileges

system

crafted executable

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.8%

JSON

PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable.

Affected configurations

NVD

Node

pcprotectendpointRange<5.17.470windows

References

mrvar0x.com/2022/07/21/pcprotect-endpoint-tampering-exploit/

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.8%

JSON

Related for NVD:CVE-2022-36670

cve1 cvelist1 prion1