Privilege Escalation via Symlink Chain in Cylance CylancePROTECT

Privilege Escalation via Symlink Chain in Cylance CylancePROTECT

CVE-2018-10722 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process grants users Modify access to new files created in this folder, and a new file can be a symlink chain to a pathname of an arbitrary DLL that CyUpdate uses.

Learn more about our Cis Benchmark Audit For Desktop Software.