CVE-2022-43997

CVE Database · CVE-2022-43997

CVE-2022-43997

· HIGHModified

CVSS v3.1

7.8

EPSS

0.36%

Published

Jan 26, 2023

Modified

Apr 1, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL_ACCESS rights.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-269

Affected Products (1)

aternity · aternity (up to 12.1.4.27)vulnerable

References (4)

https://gist.github.com/jackullrich/21fcfe75aeb5e18c60b80e684b83d741

ExploitThird Party Advisory

https://winternl.com/cve-2022-43997/

ExploitThird Party Advisory

https://gist.github.com/jackullrich/21fcfe75aeb5e18c60b80e684b83d741

ExploitThird Party Advisory

https://winternl.com/cve-2022-43997/

ExploitThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs