CVE-2022-27905

In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:controlup:controlup:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:56

Type Values Removed Values Added
References () https://www.controlup.com/security/cve-2022-27905/ - Patch, Vendor Advisory () https://www.controlup.com/security/cve-2022-27905/ - Patch, Vendor Advisory

Information

Published : 2022-04-27 14:15

Updated : 2024-11-21 06:56


NVD link : CVE-2022-27905

Mitre link : CVE-2022-27905

CVE.ORG link : CVE-2022-27905


JSON object : View

Products Affected

controlup

  • controlup
CWE
CWE-428

Unquoted Search Path or Element