CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-37243
https://notcve.org/view.php?id=CVE-2023-37243
31 Oct 2023 — The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability folder inherits permissions from C:\Windows\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges. El archivo C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe se inicia automáticamente como SYSTE... • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0010.md • CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-26077
https://notcve.org/view.php?id=CVE-2023-26077
24 Jul 2023 — Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions. • https://github.com/mandiant/Vulnerability-Disclosures • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-26078
https://notcve.org/view.php?id=CVE-2023-26078
24 Jul 2023 — Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs. • https://github.com/mandiant/Vulnerability-Disclosures •