Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability folder inherits permissions from C:\Windows\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
在具有不安全权限的目录中创建临时文件
Vulnerability Title
Atera Agent Package Availability 安全漏洞
Vulnerability Description
Atera Agent Package Availability for Windows是Atera公司的一个适用于 Windows 的 Atera 代理程序包。 Atera Agent Package Availability 0.14.0.0 及之前版本存在安全漏洞,该漏洞源于当系统重新启动时,Agent.Package.Availability.exe 具有 SYSTEM 权限并且容易受到 DLL 劫持。具有标准权限的用户可以通过写入恶意DLL以提升权限。
CVSS Information
N/A
Vulnerability Type
N/A