A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
References
Link | Resource |
---|---|
https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613 | Mitigation Vendor Advisory |
https://www.elastic.co/community/security | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
03 Jul 2023, 20:34
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo |
14 Jul 2022, 18:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:elastic:endpoint_security:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
First Time |
Microsoft
Microsoft windows Elastic Elastic endpoint Security |
|
CWE | CWE-269 | |
References | (MISC) https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613 - Mitigation, Vendor Advisory | |
References | (MISC) https://www.elastic.co/community/security - Vendor Advisory |
06 Jul 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-06 14:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-23714
Mitre link : CVE-2022-23714
CVE.ORG link : CVE-2022-23714
JSON object : View
Products Affected
microsoft
- windows
elastic
- endpoint_security
CWE