In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.controlup.com/security/cve-2022-27905/ |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-04-27T13:59:10
Updated: 2024-08-03T05:41:10.842Z
Reserved: 2022-03-25T00:00:00
Link: CVE-2022-27905
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-04-27T14:15:09.253
Modified: 2022-05-09T17:49:50.280
Link: CVE-2022-27905
Redhat
No data.