CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
9.0%
A Race Condition exists in the Qualys Cloud Agent for Windows
platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to
escalate privileges limited on the local machine during uninstallation of the
Qualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on
that asset to run arbitrary commands.
At the time of this disclosure, versions before 4.0 are classified as End
of Life.
[
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cloud Agent",
"vendor": "Qualys",
"versions": [
{
"lessThan": "4.5.3.1",
"status": "affected",
"version": " 3.1.3.34",
"versionType": "custom"
}
]
}
]