CVE-2021-22159
HIGHProofpoint Insider Threat Management < 7.4.3 - Authenticated Local Privilege Escalation via Missing Authentication
Title source: llmDescription
Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. Agents for MacOS, Linux, and ITM Cloud are not affected.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.proofpoint.com/us/security/security-advisories
Vendor Advisory x_refsource_misc
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0001
Scores
CVSS v3
7.8
EPSS
0.0033
EPSS Percentile
24.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (1)
proofpoint/insider_threat_management
< 7.4.3
Published
Jan 26, 2021
Tracked Since
Feb 18, 2026