Vulnerabilities > CVE-2021-44049 - Exposure of Resource to Wrong Sphere vulnerability in Cyberark Endpoint Privilege Manager

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

cyberark

CWE-668

NVD

Published: 2022-01-15

Updated: 2022-07-12

Summary

CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory.

Vulnerable Configurations

Part	Description	Count
Application	Cyberark Cyberark Endpoint Privilege Manager *	2

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://www.cyberark.com/ca21-34/
https://docs.cyberark.com/Product-Doc/OnlineHelp/EPM-onprem/Latest/en/Content/Release%20Notes/RN-WhatsNew.htm
https://www.cyberark.com/product-security/
https://hencohen10.medium.com/cyberark-endpoint-manager-local-privilege-escalation-cve-2021-44049-67cd5e62c3d2