Upkeeper Instant Privilege Access
Monthly
Misconfigured .NET impersonation in upKeeper Instant Privilege Access through version 1.5.0 enables authenticated remote attackers to hijack privileged execution threads, leading to high confidentiality and integrity impact on underlying system resources. The vulnerability requires low-level privileges and presents network-based attack vector with high complexity. No public exploit identified at time of analysis, and CISA SSVC framework classifies this as non-automatable with partial technical impact. EPSS data not available for risk quantification.
Argument injection in upKeeper Instant Privilege Access through version 1.5.0 enables remote authenticated attackers to hijack privileged execution threads via manipulated command delimiters. The network-accessible attack vector combined with high confidentiality, integrity, and availability impacts across both vulnerable and subsequent systems creates critical risk for privilege escalation scenarios. EPSS data not available; no confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis, though vendor self-disclosure suggests potential for targeted abuse.
Misconfigured .NET impersonation in upKeeper Instant Privilege Access through version 1.5.0 enables authenticated remote attackers to hijack privileged execution threads, leading to high confidentiality and integrity impact on underlying system resources. The vulnerability requires low-level privileges and presents network-based attack vector with high complexity. No public exploit identified at time of analysis, and CISA SSVC framework classifies this as non-automatable with partial technical impact. EPSS data not available for risk quantification.
Argument injection in upKeeper Instant Privilege Access through version 1.5.0 enables remote authenticated attackers to hijack privileged execution threads via manipulated command delimiters. The network-accessible attack vector combined with high confidentiality, integrity, and availability impacts across both vulnerable and subsequent systems creates critical risk for privilege escalation scenarios. EPSS data not available; no confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis, though vendor self-disclosure suggests potential for targeted abuse.