Vulnerabilities > Cylance > Cylanceprotect > High

DATE CVE VULNERABILITY TITLE RISK
2018-05-04 CVE-2018-10722 Link Following vulnerability in Cylance Cylanceprotect
In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process grants users Modify access to new files created in this folder, and a new file can be a symlink chain to a pathname of an arbitrary DLL that CyUpdate uses.
local
low complexity
cylance CWE-59
7.2