Arbitrary code execution on local Windows devices
Who is this article for?
Instructor, no.
Incydr Professional, Enterprise, Horizon, and Gov F2, yes.
Incydr Basic, Advanced, and Gov F1, yes.
Overview
This article provides details about a security vulnerability affecting Code42 agents on Windows.
Description
A vulnerability has been identified that may allow an attacker to escalate privilege and execute arbitrary code on a local Windows device running the Code42 agent.
Affected product and versions
- Code42 for Enterprise
- Code42 agent version 7.0.2 and earlier on Windows
Resolution
This vulnerability is fixed in Code42 agent version 7.0.3 and later. To remediate this vulnerability, upgrade your devices.
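To find the devices that still need the upgrade, the version boundary above can be applied to a device inventory export. The following is an added example, not Code42 tooling: the CSV columns (`hostname`, `os`, `agent_version`), the host names and the build-suffix format are constructed assumptions.

```python
import csv
import io

FIXED = (7, 0, 3)  # first fixed agent version, per the advisory

# Constructed sample inventory; column names and hosts are assumptions.
SAMPLE_INVENTORY = """hostname,os,agent_version
ws-001,Windows 10,7.0.2
ws-002,Windows 10,7.0.3
ws-003,Windows Server 2016,6.8.8.12
mac-001,macOS 10.14,7.0.2
ws-004,Windows 10,7.0.2.58
ws-005,Windows 10,
ws-006,Windows 10,7.1
"""

def parse_version(text):
    """Return the version as a tuple of ints, or None if unparseable."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_affected(version):
    """True for 7.0.2 and earlier; build suffixes (7.0.2.58) are ignored."""
    major_minor_patch = (version + (0, 0, 0))[:3]
    return major_minor_patch < FIXED

def triage(inventory_csv):
    """Split Windows hosts into 'upgrade' and 'review' (unknown version)."""
    result = {"upgrade": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not row["os"].lower().startswith("windows"):
            continue  # the advisory covers the Windows agent only
        version = parse_version(row["agent_version"] or "")
        if version is None:
            result["review"].append(row["hostname"])
        elif is_affected(version):
            result["upgrade"].append(row["hostname"])
    return result

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(bucket, hosts)
```

Hosts with a missing or unparseable version land in `review` rather than being treated as patched, so they are checked by hand.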
CVE details
| CVE ID | CVE-2019-16860 |
|---|---|
| Date published | November 15, 2019 |
| Number of vulnerabilities | 1 |
| Vulnerability type | Other – Untrusted search path |
| CVSS v3 | Score: 7.8; Vector string: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Attack type | Local |
| Impact | Code execution |
| Attack vectors | An attacker could escalate privilege and execute arbitrary code on a local Windows device. |
| Affected component | Code42 agent |
| Description of the vulnerability | In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local machine. |
| Acknowledgements | Thank you to Maciej Oszutowski for discovering and reporting this vulnerability. |
