CVE-2019-14969
NONE EPSS 36.9%
Published Aug 12, 20196y ago · Modified Jun 17, 20262w ago
Published Aug 12, 2019 6y ago
Last Modified Jun 17, 2026 2w ago
Description
Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService (which writes to that directory) does not perform proper impersonation, and thus the target file will have the same permissions as the invoking process (in this case, granting Authenticated Users full access over the target file). This vulnerability can be triggered by a low-privileged user to perform DLL Hijacking/Binary Planting attacks and ultimately execute code as NT AUTHORITY\SYSTEM with the help of Symbolic Links.
Threat Intelligence
EPSS Exploit Probability
36.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-732
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| netwrix | auditor | * | <9.8 |
References 1
- github.com https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-010.md
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.