Vulnerability Details : CVE-2021-22159
Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. Agents for MacOS, Linux, and ITM Cloud are not affected.
Vulnerability category: Gain privilege
Products affected by CVE-2021-22159
- cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*
- Proofpoint » Insider Threat Management » For WindowsVersions from including (>=) 7.10.0 and before (<) 7.10.2cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*
- Proofpoint » Insider Threat Management » For WindowsVersions from including (>=) 7.11.0.0 and before (<) 7.11.0.25cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*
- Proofpoint » Insider Threat Management » For WindowsVersions from including (>=) 7.9.0 and before (<) 7.9.3cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*
- Proofpoint » Insider Threat Management » For WindowsVersions from including (>=) 7.7.0 and before (<) 7.7.5cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*
- Proofpoint » Insider Threat Management » For WindowsVersions from including (>=) 7.5.0 and before (<) 7.5.4cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*
- Proofpoint » Insider Threat Management » For WindowsVersions from including (>=) 7.6.0 and before (<) 7.6.5cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*
- Proofpoint » Insider Threat Management » For WindowsVersions from including (>=) 7.8.0 and before (<) 7.8.4cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-22159
0.03%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 7 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-22159
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2021-22159
-
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-22159
-
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0001
Security Advisory | Proofpoint USVendor Advisory
-
https://www.proofpoint.com/us/security/security-advisories
Security Advisories | Proofpoint USVendor Advisory
Jump to