Vulnerabilities > CVE-2019-9627 - Out-of-bounds Write vulnerability in Cyberark Endpoint Privilege Manager 10.2.1.603

CVSS 7.0 - HIGH

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

high complexity

cyberark

CWE-787

NVD

Published: 2019-03-08

Updated: 2022-04-05

Summary

A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path.

Vulnerable Configurations

Part	Description	Count
Application	Cyberark Cyberark Endpoint Privilege Manager - Cyberark Endpoint Privilege Manager 10.2.1.603	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.nccgroup.trust/us/our-research/technical-advisory-cyberark-epm-non-paged-pool-buffer-overflow/
http://www.securityfocus.com/bid/107387
http://www.securityfocus.com/bid/107852