CVE-2019-9627

EUVD-2019-18998
A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
cyberarkendpoint_privilege_manager
𝑥
< 10.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/107387
http://www.securityfocus.com/bid/107852
https://www.nccgroup.trust/us/our-research/technical-advisory-cyberark-epm-non-paged-pool-buffer-overflow/
http://www.securityfocus.com/bid/107387
http://www.securityfocus.com/bid/107852
https://www.nccgroup.trust/us/our-research/technical-advisory-cyberark-epm-non-paged-pool-buffer-overflow/