Vulnerabilities > CVE-2019-9627 - Out-of-bounds Write vulnerability in Cyberark Endpoint Privilege Manager 10.2.1.603

CVSS 6.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

cyberark

CWE-787

NVD

Published: 2019-03-08

Updated: 2022-04-05

Summary

A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path.

Vulnerable Configurations

Part	Description	Count
Application	Cyberark Cyberark Endpoint Privilege Manager - Cyberark Endpoint Privilege Manager 10.2.1.603	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.nccgroup.trust/us/our-research/technical-advisory-cyberark-epm-non-paged-pool-buffer-overflow/
http://www.securityfocus.com/bid/107387
http://www.securityfocus.com/bid/107852