Headline

CVE-2023-26078: Vulnerability-Disclosures/2023/MNDT-2023-0009.md at master · mandiant/Vulnerability-Disclosures

Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs.

1 year ago

CVE

Open in Source

#vulnerability #windows #git

- Actions
  
  Automate any workflow
- Packages
  
  Host and manage packages
- Security
  
  Find and fix vulnerabilities
- Codespaces
  
  Instant dev environments
- Copilot
  
  Write better code with AI
- Code review
  
  Manage code changes
- Issues
  
  Plan and track work
- Discussions
  
  Collaborate outside of code

- GitHub Sponsors
  
  Fund open source developers

*   The ReadME Project
    
    GitHub community articles

Pricing

Search code, repositories, users, issues, pull requests…

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions.

1 year ago

CVE

Open in Source

#vulnerability #web #windows #google #git #c++

Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.9 released by Atera on April 17, 2023, and

1 year ago

The Hacker News

Open in Source