CVE-2017-5329 Local Privilege Escalation in Terminal Server Agent
Attack Vector
LOCAL
Scope
UNCHANGED
Attack Complexity
LOW
Confidentiality Impact
HIGH
Privileges Required
LOW
Integrity Impact
HIGH
User Interaction
NONE
Availability Impact
HIGH
Description
A local privilege escalation vulnerability exists in Terminal Server Agent (ref # PAN-67756 / CVE-2017-5329).
Terminal Server Agent contains a vulnerability that may allow for an out of bounds write. Successful exploitation of this issue may allow an attacker to elevate their permissions.
This issue affects Terminal Server Agent 6.0; Terminal Server Agent 7.0.6 and earlier
Product Status
Versions | Affected | Unaffected |
---|---|---|
Terminal Server Agent 7.0 | <= 7.0.6 | >= 7.0.7 |
Severity: HIGH
CVSSv3.0 Base Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Weakness Type
Solution
Terminal Server Agent 7.0.7 and later
Workarounds and Mitigations
N/A
Acknowledgments
Palo Alto Networks would like to thank Parvez Anwar from Verizon for reporting this issue to us.