Attacker Value
High
(1 user assessed)
Exploitability
Low
(1 user assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2019-9627

Disclosure Date: March 08, 2019
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path.

Add Assessment

5
Ratings
Technical Analysis

Overview

A vulnerability was discovered within CyberArk Endpoint Privilege Managers driver (CybKernelTracker.sys). This driver contains a call back functionality that is called every time for an image or a dll to be loaded loaded on the system, this callback allocates non paged pool memory (allocates memory from the kernel pool), and the allocation occurs to copy the image path of the object being loaded, but it does not take into account the buffer size of the path size. By loading an object (image) that is longer than the buffer size, an attacker is able to overwrite part of the kernel non paged pool memory invoking a kernel pool overflow.

This callback routine is not loaded into the system by default, but once installed, successful exploitation of this vulnerability can allow for an unprivileged and non authenticated user to obtain system-level access on the system.

Impact

Including this vulnerable driver on your system can lead to the degradation of your systems security and integrity, the impact risk is very high due to a non privileged user being able to communicate with this driver. Successful exploitation of this vulnerability can allow a user to either escalate their privileges by weaponizing a proof-of-concept, or simply crashing and dosing the system.

Recommended remediation

The recommended remediation and fix for this vulnerability is to update your cyberark software to the latest version, cyberark has responded to this vulnerability and patched it with a newly released version of the updated driver.

CVSS V3 Severity and Metrics
Base Score:
7.0 High
Impact Score:
5.9
Exploitability Score:
1
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
High
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • cyberark

Products

  • endpoint privilege manager

Additional Info

Technical Analysis