Palo Alto Networks Security Advisories
CVE-2017-5329 Local Privilege Escalation in Terminal Server Agent
Attack Vector LOCAL
Attack Complexity LOW
Privileges Required LOW
User Interaction NONE
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH
Reference PAN-67756 PAN-SA-2017-0001
A local privilege escalation vulnerability exists in Terminal Server Agent (ref # PAN-67756 / CVE-2017-5329).
Terminal Server Agent contains a vulnerability that may allow for an out of bounds write. Successful exploitation of this issue may allow an attacker to elevate their permissions.
This issue affects Terminal Server Agent 6.0; Terminal Server Agent 7.0.6 and earlier
|Terminal Server Agent 7.0||<= 7.0.6||>= 7.0.7|
CVSSv3.1 Base Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CWE-787 Out-of-bounds Write
Terminal Server Agent 7.0.7 and later
Workarounds and Mitigations
Palo Alto Networks would like to thank Parvez Anwar from Verizon for reporting this issue to us.
© 2020 Palo Alto Networks, Inc. All rights reserved.