Vulnerability Details CVE-2023-37243
The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability folder inherits permissions from C:\Windows\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.2%
CVSS Severity
CVSS v3 Score 7.8
References
Products affected by CVE-2023-37243
-
cpe:2.3:a:atera:agent_package_availability:-
-
cpe:2.3:a:atera:agent_package_availability:0.14.0.0
-
cpe:2.3:o:microsoft:windows:-