Buffer Overflow in CyberArk Endpoint Privilege Manager by CyberArk
CVE-2019-9627

7HIGH

Key Information:

Vendor

Cyberark

Status
Endpoint Privilege Manager
Vendor
CVE Published:
8 March 2019

What is CVE-2019-9627?

A buffer overflow vulnerability has been identified in the CybKernelTracker.sys kernel driver of CyberArk's Endpoint Privilege Manager. This flaw allows a malicious actor, without requiring Administrator privileges, to escalate their access to the system or cause the machine to crash by loading an image, such as a DLL, that has an excessively long path. This vulnerability highlights the importance of proper input validation and memory management in the software to prevent unauthorized access and potential system instability.

References

https://www.nccgroup.trust/us/our-research/technical-advi...
x_refsource_MISC
http://www.securityfocus.com/bid/107387
vdb-entryx_refsource_BID
http://www.securityfocus.com/bid/107852
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.