Security Advisory – CVE-2022-27905

This document addresses Privilege Escalation vulnerability (CVE-2022-27905) in the Controlup Real-Time Agent.

Vulnerability ID: CVE-2022-27905
Severity: Medium
Update Release Date: February 17, 2022
Fix version: Version >= 8.6 for both Hybrid Cloud and COP (On-Premises)

What was the problem?

A local privilege escalation may be possible due to an insecure call to the CreateProcessAsUserA (Unquoted path) WinAPI function while the ControlUp Real-Time Agent is running.
The prerequisites for exploiting this vulnerability are very uncommon and include write access to C:\ by a low-privilege user and the ability to restart the cuAgent service.


We advise you to do the following:

  • Upgrade to the latest 8.6 version of ControlUp (Hybrid Cloud and On-Premises).
  • Deploy the latest ControlUp Real-Time Agent to all endpoints.

It is important to update/uninstall all ControlUp Real-Time Agents even if they are no longer in use. You can watch this 2-minute video to learn how to easily find machines with older ControlUp Real-Time Agent versions.

Upgrade Guides:

Upgrade Guide for Hybrid Cloud 8.x to 8.6
On-Premises Upgrade Guide 8.x to 8.6
Please read more about the new features and security enhancements in our Security Best Practices Guide.