CVE-2019-9627

HIGH

CyberArk Endpoint Privilege Manager <10.7 - Memory Corruption

Title source: llm
STIX 2.1

Description

A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path.

References (3)

Core 3
Core References
Broken Link vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107387
Broken Link vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107852

Scores

CVSS v3 7.0
EPSS 0.0041
EPSS Percentile 33.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
cyberark/endpoint_privilege_manager < 10.7
Published Mar 08, 2019
Tracked Since Feb 18, 2026