Vulnerability Name: | CCN-99639 | ||||||
Published: | 2015-01-01 | ||||||
Updated: | 2015-01-01 | ||||||
Summary: | Microsoft Windows could allow a local attacker to gain elevated privileges on the system, caused by the failure to correctly check the impersonation token of the caller to determine if the user is an administrator by the AhcVerifyAdminContext function within ahcache.sys. An attacker could exploit this vulnerability to gain elevated privileges on the system. | ||||||
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||
CVSS v2 Severity: | 7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C) 6.1 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:U/RC:UR)
| ||||||
Vulnerability Consequences: | Gain Privileges | ||||||
References: | Source: CCN Type: Microsoft Web site Windows 8.1 Source: CCN Type: BID-71857 Microsoft Windows 'AhcVerifyAdminContext' Function Local Privilege Escalation Vulnerability Source: XF Type: UNKNOWN ms-win-ahcache-priv-esc(99639) Source: CCN Type: Packet Storm Security [01-01-2015] Windows ahcache.sys/NtApphelpCacheControl Privilege Escalation Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [01-01-2015] | ||||||
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
BACK |