This page aggregates publicly disclosed CVE and security risk information related to atera, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-37243 | The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability folder inherits permissions from C:\Windows\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges. | [email protected] | 7.8 | 0.03% | 2023-10-31 | 2024-11-21 |
| CVE-2023-26077 | Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions. | [email protected] | 7.8 | 0.05% | 2023-07-24 | 2024-11-21 |
| CVE-2023-26078 | Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs. | [email protected] | 7.8 | 0.05% | 2023-07-24 | 2024-11-21 |