← Volver a CVEs
CVE-2022-43997
HIGH7.8
Descripcion
Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL_ACCESS rights.
Detalles CVE
Puntuacion CVSS v3.17.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado1/26/2023
Ultima modificacion4/1/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
aternity:aternity
Debilidades (CWE)
CWE-269
Referencias
https://winternl.com/cve-2022-43997/(cve@mitre.org)
https://gist.github.com/jackullrich/21fcfe75aeb5e18c60b80e684b83d741(af854a3a-2127-422b-91ae-364da2661108)
https://winternl.com/cve-2022-43997/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.