CVE-2022-23714 - OpenCVE

A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Elastic	Endpoint Security
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:elastic:endpoint_security::::::::
	cpe:2.3:a:elastic:endpoint_security::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613
https://www.elastic.co/community/security

History

No history.

MITRE

Status: PUBLISHED

Assigner: elastic

Published: 2022-07-06T13:57:27

Updated: 2024-08-03T03:51:45.981Z

Reserved: 2022-01-19T00:00:00

Link: CVE-2022-23714

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-07-06T14:15:18.460

Modified: 2023-07-03T20:34:29.593

Link: CVE-2022-23714

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Endpoint Security", "vendor": "Elastic", "versions": [{"status": "affected", "version": "Versions 7.13.0 through 7.17.4 and 8.0.0 through 8.2.3"}]}], "descriptions": [{"lang": "en", "value": "A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-264", "description": "CWE-264", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-06T13:57:27", "orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "shortName": "elastic"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613"}, {"tags": ["x_refsource_MISC"], "url": "https://www.elastic.co/community/security"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@elastic.co", "ID": "CVE-2022-23714", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Endpoint Security", "version": {"version_data": [{"version_value": "Versions 7.13.0 through 7.17.4 and 8.0.0 through 8.2.3"}]}}]}, "vendor_name": "Elastic"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-264"}]}]}, "references": {"reference_data": [{"name": "https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613", "refsource": "MISC", "url": "https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613"}, {"name": "https://www.elastic.co/community/security", "refsource": "MISC", "url": "https://www.elastic.co/community/security"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:51:45.981Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.elastic.co/community/security"}]}]}, "cveMetadata": {"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a", "assignerShortName": "elastic", "cveId": "CVE-2022-23714", "datePublished": "2022-07-06T13:57:27", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:45.981Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elastic:endpoint_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "3607476C-D312-4817-AF80-44EAFDCE4FD4", "versionEndIncluding": "7.17.4", "versionStartIncluding": "7.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:elastic:endpoint_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6B233AE-2EE6-4EF3-8668-55EC026B0FBB", "versionEndIncluding": "8.2.3", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account."}, {"lang": "es", "value": "Se ha detectado un problema de escalada de privilegios locales (LPE) en las funcionalidades de ransomware canaries de Elastic Endpoint Security para Windows, que podr\u00eda permitir a usuarios no privilegiados elevar sus privilegios a los de la cuenta LocalSystem"}], "id": "CVE-2022-23714", "lastModified": "2023-07-03T20:34:29.593", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-06T14:15:18.460", "references": [{"source": "bressers@elastic.co", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613"}, {"source": "bressers@elastic.co", "tags": ["Vendor Advisory"], "url": "https://www.elastic.co/community/security"}], "sourceIdentifier": "bressers@elastic.co", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-264"}], "source": "bressers@elastic.co", "type": "Secondary"}]}