CVE-2022-23714

A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:elastic:endpoint_security:*:*:*:*:*:*:*:*
cpe:2.3:a:elastic:endpoint_security:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:49

Type Values Removed Values Added
References () https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613 - Mitigation, Vendor Advisory () https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613 - Mitigation, Vendor Advisory
References () https://www.elastic.co/community/security - Vendor Advisory () https://www.elastic.co/community/security - Vendor Advisory

03 Jul 2023, 20:34

Type Values Removed Values Added
CWE CWE-269 NVD-CWE-noinfo

Information

Published : 2022-07-06 14:15

Updated : 2024-11-21 06:49


NVD link : CVE-2022-23714

Mitre link : CVE-2022-23714

CVE.ORG link : CVE-2022-23714


JSON object : View

Products Affected

microsoft

  • windows

elastic

  • endpoint_security
CWE
CWE-264

Permissions, Privileges, and Access Controls

NVD-CWE-noinfo