CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-23714

A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.4%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 7.2

References

https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613
https://www.elastic.co/community/security
https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613
https://www.elastic.co/community/security

Products affected by CVE-2022-23714

Elastic » Endpoint Security » Version: 7.13.0

cpe:2.3:a:elastic:endpoint_security:7.13.0
Elastic » Endpoint Security » Version: 7.17.4

cpe:2.3:a:elastic:endpoint_security:7.17.4
Elastic » Endpoint Security » Version: 8.0.0

cpe:2.3:a:elastic:endpoint_security:8.0.0
Elastic » Endpoint Security » Version: 8.2.3

cpe:2.3:a:elastic:endpoint_security:8.2.3
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-23714

Products

Pricing

Contact Us