Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.
AnalysisAI
Local privilege escalation in Fujitsu ServerView Agents for Windows version 11.60.04 and earlier allows an authenticated low-privileged user on the host to obtain SYSTEM-level privileges through incorrect permission assignment on a critical resource. The flaw is reported by JPCERT/CC under JVN#67883085 with a CVSS 4.0 score of 8.5; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Technical ContextAI
ServerView Agents is Fujitsu's in-band server management agent suite, deployed on Windows hosts to expose hardware health, inventory, and event data to ServerView Operations Manager and ISM. The root cause is CWE-732 (Incorrect Permission Assignment for Critical Resource), meaning a file, directory, registry key, named pipe, or Windows service object installed by the agent is created with an ACL that grants modify or write access to a non-privileged group (often Authenticated Users or BUILTIN\Users). Because ServerView Agents components typically run as LocalSystem services on Windows, a writable binary, DLL search-path entry, or service configuration in that trust boundary lets a local user substitute their own code, which is then executed under the SYSTEM account on next service start or auto-load.
RemediationAI
Upgrade ServerView Agents for Windows to the fixed release published by Fujitsu/FsasTech as referenced in advisory https://www.fsastech.com/ja-jp/resources/security/2026/0529.html (no exact fix version is included in the provided data, so confirm the patched build directly from the vendor advisory and JVN#67883085 at https://jvn.jp/en/jp/JVN67883085/). Until patched, restrict interactive and remote desktop logon to the affected servers to administrators only, audit the ACLs on the ServerView Agents install directory and its Windows service binaries/configurations with tools such as AccessChk to identify and tighten any non-admin writable objects, and monitor for service binary replacement and unexpected SYSTEM-spawned child processes. Stopping or disabling the ServerView Agents services is a possible compensating control but will blind ServerView Operations Manager/ISM to that host's hardware health and event stream, so weigh that loss of monitoring against exposure.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33571
GHSA-p97f-3rpx-7xfx