CVE-2017-5329
published 2017-01-27CVE-2017-5329: Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation.
PriorityP345high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EXPLOIT
EPSS
0.98%
57.7th percentile
Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | terminal_server_agent | — | — |
| paloaltonetworks | terminal_services_agent | <= 7.0.6 | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Palo Alto
Local Privilege Escalation in Terminal Server Agent
vendor_paloalto·2017-01-26·CVSS 7.8
CVE-2017-5329 [HIGH] CWE-787 Local Privilege Escalation in Terminal Server Agent
Local Privilege Escalation in Terminal Server Agent
A local privilege escalation vulnerability exists in Terminal Server Agent (ref # PAN-67756 / CVE-2017-5329).
Terminal Server Agent contains a vulnerability that may allow for an out of bounds write. Successful exploitation of this issue may allow an attacker to elevate their permissions.
This issue affects Terminal Server Agent 6.0; Terminal Server Agent 7.0.6 and earlier
Affected products: Terminal Server Agent
Solution: Terminal Server Agent 7.0.7 and later
Workaround: N/A
GHSA
GHSA-v33v-wq4h-3fvm: Palo Alto Networks Terminal Services Agent before 7
ghsa_unreviewed·2022-05-13
CVE-2017-5329 [HIGH] CWE-787 GHSA-v33v-wq4h-3fvm: Palo Alto Networks Terminal Services Agent before 7
Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation.
No detection rules found.
No writeups or analysis indexed.
2017-01-27
Published