Vulnerabilities > CVE-2021-44049 - Exposure of Resource to Wrong Sphere vulnerability in Cyberark Endpoint Privilege Manager

CVSS 6.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

cyberark

CWE-668

NVD

Published: 2022-01-15

Updated: 2022-07-12

Summary

CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory.

Vulnerable Configurations

Part	Description	Count
Application	Cyberark Cyberark Endpoint Privilege Manager *	2

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://www.cyberark.com/ca21-34/
https://docs.cyberark.com/Product-Doc/OnlineHelp/EPM-onprem/Latest/en/Content/Release%20Notes/RN-WhatsNew.htm
https://www.cyberark.com/product-security/
https://hencohen10.medium.com/cyberark-endpoint-manager-local-privilege-escalation-cve-2021-44049-67cd5e62c3d2