Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process grants users Modify access to new files created in this folder, and a new file can be a symlink chain to a pathname of an arbitrary DLL that CyUpdate uses.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cylance CylancePROTECT 安全漏洞
Vulnerability Description
Cylance CylancePROTECT是美国Cylance公司的一套终端安全防护软件。该软件能够预防勒索软件、恶意软件等攻击。 Cylance CylancePROTECT 1470之前版本中存在安全漏洞,该漏洞源于用户拥有%PROGRAMFILES%\Cylance\Desktop\log文件夹的更改权限。本地攻击者可利用该漏洞获取SYSTEM权限。
CVSS Information
N/A
Vulnerability Type
N/A