CVE-2021-22159 - OpenCVE

Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. Agents for MacOS, Linux, and ITM Cloud are not affected.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Proofpoint	Insider Threat Management

Configuration 1 [-]

OR	cpe:2.3:a:proofpoint:insider_threat_management::::::windows::*
	cpe:2.3:a:proofpoint:insider_threat_management::::::windows::*
	cpe:2.3:a:proofpoint:insider_threat_management::::::windows::*
	cpe:2.3:a:proofpoint:insider_threat_management::::::windows::*
	cpe:2.3:a:proofpoint:insider_threat_management::::::windows::*
	cpe:2.3:a:proofpoint:insider_threat_management::::::windows::*
	cpe:2.3:a:proofpoint:insider_threat_management::::::windows::*
	cpe:2.3:a:proofpoint:insider_threat_management::::::windows::*

References

Link	Resource
https://www.proofpoint.com/us/security/security-advisories	Vendor Advisory
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0001	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-01-26T19:44:39

Updated: 2021-01-26T19:44:39

Reserved: 2021-01-04T00:00:00

Link: CVE-2021-22159

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-01-26T20:15:12.227

Modified: 2022-06-28T14:11:45.273

Link: CVE-2021-22159

JSON object: View

Redhat Information

No data.

CWE

CWE-306

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. Agents for MacOS, Linux, and ITM Cloud are not affected."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-26T19:44:39", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.proofpoint.com/us/security/security-advisories"}, {"tags": ["x_refsource_MISC"], "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0001"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-22159", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. Agents for MacOS, Linux, and ITM Cloud are not affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.proofpoint.com/us/security/security-advisories", "refsource": "MISC", "url": "https://www.proofpoint.com/us/security/security-advisories"}, {"name": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0001", "refsource": "MISC", "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0001"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-22159", "datePublished": "2021-01-26T19:44:39", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2021-01-26T19:44:39", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*", "matchCriteriaId": "0B28F338-096B-42ED-B7A1-EC3E44733C09", "versionEndExcluding": "7.4.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*", "matchCriteriaId": "7A40882D-ED7A-4419-8DBB-86C6F7A84DFA", "versionEndExcluding": "7.5.4", "versionStartIncluding": "7.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*", "matchCriteriaId": "7DFB8D36-8033-4306-833F-11634625B299", "versionEndExcluding": "7.6.5", "versionStartIncluding": "7.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*", "matchCriteriaId": "596F7C55-1D35-485F-8D6C-7CC5A3997642", "versionEndExcluding": "7.7.5", "versionStartIncluding": "7.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*", "matchCriteriaId": "AAAF300F-5A44-4A13-92D5-7E3239C57EE6", "versionEndExcluding": "7.8.4", "versionStartIncluding": "7.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*", "matchCriteriaId": "33E3D2DA-E75E-4BFD-B134-13461B155923", "versionEndExcluding": "7.9.3", "versionStartIncluding": "7.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*", "matchCriteriaId": "11A5CB12-9609-42A2-A364-CEF6A5240A6C", "versionEndExcluding": "7.10.2", "versionStartIncluding": "7.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:windows:*:*", "matchCriteriaId": "16E37E0B-34BD-4C92-9D16-60B401179554", "versionEndExcluding": "7.11.0.25", "versionStartIncluding": "7.11.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. Agents for MacOS, Linux, and ITM Cloud are not affected."}, {"lang": "es", "value": "Una Vulnerabilidad de Escalada de Privilegios Local en Insider Threat Management Windows Agent. El Proofpoint Insider Threat Management (anteriormente ObserveIT) Agent para Windows versiones anteriores a 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, y 7.11.0.25, as\u00ed como las versiones 7.3 y anteriores, carecen de autenticaci\u00f3n para una funci\u00f3n cr\u00edtica, que permite a un usuario de Windows autenticado local ejecutar comandos arbitrarios con los privilegios del usuario SYSTEM de Windows. Los agentes para MacOS, Linux e ITM Cloud no est\u00e1n afectados"}], "id": "CVE-2021-22159", "lastModified": "2022-06-28T14:11:45.273", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-26T20:15:12.227", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.proofpoint.com/us/security/security-advisories"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0001"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}