Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into high-privilege processes. This results in arbitrary code execution with SYSTEM privileges, leading to full compromise of the affected system.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenEDR 安全漏洞
Vulnerability Description
OpenEDR是Comodo Cyber Security开源的一个终端检测与响应安全平台。 OpenEDR 2.5.1.0版本存在安全漏洞,该漏洞源于内核驱动存在易受攻击的IOCTL接口,可能导致本地非特权攻击者获得SYSTEM权限并执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A