CVE-2022-25294

Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected. Proofpoint has released fixed software version 7.12.1. The fixed software versions are available through the customer support portal.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2022-0001	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

18 Mar 2022, 16:27

Type	Values Removed	Values Added
CPE		cpe:2.3:a:proofpoint:insider_threat_management::::::windows::* cpe:2.3:o:microsoft:windows:-:::::::*
References	~~(MISC) https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2022-0001 -~~	(MISC) https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2022-0001 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 7.8
CWE		NVD-CWE-noinfo
First Time		Microsoft windows Microsoft Proofpoint insider Threat Management Proofpoint

10 Mar 2022, 17:53

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-03-10 17:47

Updated : 2023-12-10 14:22

NVD link : CVE-2022-25294

Mitre link : CVE-2022-25294

CVE.ORG link : CVE-2022-25294

JSON object : View

Products Affected

proofpoint

insider_threat_management

microsoft

windows

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-25294", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-03-10T17:47:07.150", "references": [{"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2022-0001", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected. Proofpoint has released fixed software version 7.12.1. The fixed software versions are available through the customer support portal."}, {"lang": "es", "value": "Proofpoint Insider Threat Management Agent para Windows es basado en una funci\u00f3n inherentemente peligrosa que podr\u00eda permitir a un usuario local de Windows no privilegiado ejecutar c\u00f3digo arbitrario con privilegios SYSTEM. Todas las versiones anteriores a 7.12.1 est\u00e1n afectadas. Los agentes para MacOS y Linux y Cloud no est\u00e1n afectados. Proofpoint ha publicado la versi\u00f3n de software corregida 7.12.1. Las versiones de software corregidas est\u00e1n disponibles mediante el portal de soporte al cliente"}], "lastModified": "2022-03-18T16:27:32.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "0A7095F6-192A-4D1D-9ABC-1403713FFC4D", "versionEndExcluding": "7.12.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}