CVE-2019-9627
HIGHCyberArk Endpoint Privilege Manager <10.7 - Memory Corruption
Title source: llmDescription
A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://www.nccgroup.trust/us/our-research/technical-advisory-cyberark-epm-non-paged-pool-buffer-overflow/
Broken Link vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107387
Broken Link vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107852
Scores
CVSS v3
7.0
EPSS
0.0041
EPSS Percentile
33.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (1)
cyberark/endpoint_privilege_manager
< 10.7
Published
Mar 08, 2019
Tracked Since
Feb 18, 2026