CVE-2019-9627
low-risk
Published 2019-03-08
A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path.
Do I need to act?
-
0.15% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.0/10
High
LOCAL
/ HIGH complexity
Affected Products (1)
Endpoint Privilege Manager
Affected Vendors
References (6)
Broken Link
http://www.securityfocus.com/bid/107387
Broken Link
http://www.securityfocus.com/bid/107852
Third Party Advisory
https://www.nccgroup.trust/us/our-research/technical-advisory-cyberark-epm-non-p...
Broken Link
http://www.securityfocus.com/bid/107387
Broken Link
http://www.securityfocus.com/bid/107852
Third Party Advisory
https://www.nccgroup.trust/us/our-research/technical-advisory-cyberark-epm-non-p...
24
/ 100
low-risk
Severity
18/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal