CVE-2022-38774

An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:elastic:endgame:*:*:*:*:*:*:*:*
cpe:2.3:a:elastic:endpoint_security:*:*:*:*:*:*:*:*
cpe:2.3:a:elastic:endpoint_security:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

03 Feb 2023, 18:21

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
CPE cpe:2.3:a:elastic:endgame:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:elastic:endpoint_security:*:*:*:*:*:*:*:*
First Time Microsoft windows
Microsoft
Elastic endgame
Elastic endpoint Security
Elastic
References (MISC) https://discuss.elastic.co/t/endpoint-security-8-4-0-7-17-7-and-endgame-3-62-3-security-statement/323754 - (MISC) https://discuss.elastic.co/t/endpoint-security-8-4-0-7-17-7-and-endgame-3-62-3-security-statement/323754 - Vendor Advisory
References (MISC) https://www.elastic.co/community/security - (MISC) https://www.elastic.co/community/security - Vendor Advisory

26 Jan 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-01-26 21:15

Updated : 2023-12-10 14:48


NVD link : CVE-2022-38774

Mitre link : CVE-2022-38774

CVE.ORG link : CVE-2022-38774


JSON object : View

Products Affected

elastic

  • endgame
  • endpoint_security

microsoft

  • windows
CWE
NVD-CWE-noinfo CWE-269

Improper Privilege Management