Palo Alto Networks Security Advisories
CVE-2017-5329 Local Privilege Escalation in Terminal Services Agent
Attack Vector LOCAL
Attack Complexity LOW
Privileges Required LOW
User Interaction NONE
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH
Reference PAN-67756 PAN-SA-2017-0001
A local privilege escalation vulnerability exists Terminal Services Agent (ref # PAN-67756 / CVE-2017-5329).
Terminal Services Agent contains a vulnerability that may allow for an out of bounds write. Successful exploitation of this issue may allow an attacker to elevate their permissions.
This issue affects Terminal Services Agent 6.0; Terminal Services Agent 7.0.6 and earlier
|Terminal Services Agent 7.0||<= 7.0.6||>= 7.0.7|
CVSSv3.1 Base Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CWE-787 Out-of-bounds Write
Terminal Services Agent 7.0.7 and later
Workarounds and Mitigations
Palo Alto Networks would like to thank Parvez Anwar from Verizon for reporting this issue to us.
© 2020 Palo Alto Networks, Inc. All rights reserved.