Palo Alto Networks Security Advisories / CVE-2017-5329

CVE-2017-5329 Local Privilege Escalation in Terminal Server Agent

047910
Severity 7.8 · HIGH
Attack Vector LOCAL
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact HIGH
Privileges Required LOW
Integrity Impact HIGH
User Interaction NONE
Availability Impact HIGH

Description

A local privilege escalation vulnerability exists in Terminal Server Agent (ref # PAN-67756 / CVE-2017-5329).

Terminal Server Agent contains a vulnerability that may allow for an out of bounds write. Successful exploitation of this issue may allow an attacker to elevate their permissions.

This issue affects Terminal Server Agent 6.0; Terminal Server Agent 7.0.6 and earlier

Product Status

VersionsAffectedUnaffected
Terminal Server Agent 7.0<= 7.0.6>= 7.0.7

Severity: HIGH

CVSSv3.0 Base Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Weakness Type

CWE-787 Out-of-bounds Write

Solution

Terminal Server Agent 7.0.7 and later

Workarounds and Mitigations

N/A

Acknowledgments

Palo Alto Networks would like to thank Parvez Anwar from Verizon for reporting this issue to us.
© 2024 Palo Alto Networks, Inc. All rights reserved.