CVE-2022-38774

HIGH

Elastic Endpoint Security/Elastic Endgame - Privilege Escalation

Title source: llm
STIX 2.1

Description

An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

Scores

CVSS v3 7.8
EPSS 0.0027
EPSS Percentile 18.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-269
Status published
Products (2)
elastic/endgame < 3.62.2
elastic/endpoint_security < 7.17.7
Published Jan 26, 2023
Tracked Since Feb 18, 2026