CVE-2021-22159

Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. Agents for MacOS, Linux, and ITM Cloud are not affected.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
proofpointinsider_threat_management
𝑥
< 7.4.3
proofpointinsider_threat_management
7.5.0 ≤
𝑥
< 7.5.4
proofpointinsider_threat_management
7.6.0 ≤
𝑥
< 7.6.5
proofpointinsider_threat_management
7.7.0 ≤
𝑥
< 7.7.5
proofpointinsider_threat_management
7.8.0 ≤
𝑥
< 7.8.4
proofpointinsider_threat_management
7.9.0 ≤
𝑥
< 7.9.3
proofpointinsider_threat_management
7.10.0 ≤
𝑥
< 7.10.2
proofpointinsider_threat_management
7.11.0.0 ≤
𝑥
< 7.11.0.25
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.proofpoint.com/us/security/security-advisories
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0001
https://www.proofpoint.com/us/security/security-advisories
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0001