CVE-2019-9627
Summary
| CVE | CVE-2019-9627 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-03-08 19:29:00 UTC |
| Updated | 2022-04-05 20:54:00 UTC |
| Description | A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cyberark | Endpoint Privilege Manager | All | All | All | All |
| Application | Cyberark | Endpoint Privilege Manager | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CyberArk Endpoint Privilege Manager DLL Loading Local Privilege Escalation Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| www.nccgroup.trust/us/our-research/technical-advisory-cyberark-epm-non-paged-poo... | MISC | www.nccgroup.trust | Third Party Advisory |
| Malformed Request | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.