An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
References
Link | Resource |
---|---|
https://discuss.elastic.co/t/endpoint-security-8-4-0-7-17-7-and-endgame-3-62-3-security-statement/323754 | Vendor Advisory |
https://www.elastic.co/community/security | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
03 Feb 2023, 18:21
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:a:elastic:endgame:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:elastic:endpoint_security:*:*:*:*:*:*:*:* |
|
First Time |
Microsoft windows
Microsoft Elastic endgame Elastic endpoint Security Elastic |
|
References | (MISC) https://discuss.elastic.co/t/endpoint-security-8-4-0-7-17-7-and-endgame-3-62-3-security-statement/323754 - Vendor Advisory | |
References | (MISC) https://www.elastic.co/community/security - Vendor Advisory |
26 Jan 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-26 21:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-38774
Mitre link : CVE-2022-38774
CVE.ORG link : CVE-2022-38774
JSON object : View
Products Affected
elastic
- endgame
- endpoint_security
microsoft
- windows
CWE