Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with local access to only the Windows logon screen can escalate their privileges to NT AUTHORITY\System. An attacker would need local access to the machine for a successful exploit. The attacker must disconnect the computer from the local network / WAN and connect it to an internet facing access point / network. At that point, the attacker can execute the password-reset functionality, which will expose a web browser. Browsing to a site that calls local Windows system functions (e.g., file upload) will expose the local file system. From there an attacker can launch a privileged command shell.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SailPoint Technologies Desktop Password Reset 权限许可和访问控制问题漏洞
Vulnerability Description
SailPoint Technologies Desktop Password Reset是美国SailPoint Technologies公司的一款桌面密码管理实用程序。 SailPoint Technologies Desktop Password Reset 7.2版本中存在安全漏洞。本地攻击者可利用该漏洞将用户权限提升至NT AUTHORITYSystem。
CVSS Information
N/A
Vulnerability Type
N/A