CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-27905

In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 56.8%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 9.0

References

https://www.controlup.com/security/cve-2022-27905/
https://www.controlup.com/security/cve-2022-27905/

Products affected by CVE-2022-27905

Controlup » Controlup » Version: Any

cpe:2.3:a:controlup:controlup:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-27905

Products

Pricing

Contact Us