Vulnerabilities (CVE)

Filtered by vendor Controlup Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-27905 1 Controlup 1 Controlup 2024-11-21 9.0 HIGH 7.2 HIGH
In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.
CVE-2021-45913 1 Controlup 1 Controlup Agent 2024-11-21 9.0 HIGH 7.2 HIGH
A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel.
CVE-2021-45912 1 Controlup 1 Real-time Agent 2024-11-21 4.6 MEDIUM 7.8 HIGH
An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method.