CVE-2017-5329 Local Privilege Escalation in Terminal Server Agent
Attack Vector LOCAL
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact HIGH
Privileges Required LOW
Integrity Impact HIGH
User Interaction NONE
Availability Impact HIGH
Description
A local privilege escalation vulnerability exists in Terminal Server Agent (ref # PAN-67756 / CVE-2017-5329).
Terminal Server Agent contains a vulnerability that may allow for an out of bounds write. Successful exploitation of this issue may allow an attacker to elevate their permissions.
This issue affects Terminal Server Agent 6.0; Terminal Server Agent 7.0.6 and earlier
Product Status
Versions | Affected | Unaffected |
---|---|---|
Terminal Server Agent 7.0 | <= 7.0.6 | >= 7.0.7 |
Severity: HIGH
CVSSv3.0 Base Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Weakness Type
Solution
Terminal Server Agent 7.0.7 and later
Workarounds and Mitigations
N/A
Acknowledgments
Palo Alto Networks would like to thank Parvez Anwar from Verizon for reporting this issue to us.