Controlup: Security Vulnerabilities
In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-04-27
An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-01-04
A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-01-04