3 matches found
CVE-2023-26077
Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions...
Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks
Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078,...
CVE-2023-26077
The CVE-2023-26077 issue affects Atera Agent for Windows (versions 1.8.3.6 and earlier). It arises from the MSI installer’s repair functionality creating temporary files in directories with insecure permissions, enabling potential local privilege escalation (e.g., via DLL hijacking) when exploite...