A local privilege escalation may be possible due to an insecure call to the CreateProcessAsUserA WinAPI function (unquoted path) while the ControlUp Real-Time Agent is running.
The prerequisites for exploiting this vulnerability are very uncommon and include write access to C:\ by a low-privilege user and the ability to restart the cuAgent service.
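To show why write access to C:\ is the relevant prerequisite, the following added example (not ControlUp's code) models the documented way Windows resolves an unquoted command line when no application name is given, and lists the locations an administrator should verify are absent and not writable by low-privilege users. The command line and install path are constructed placeholders, not the agent's real path, and the function names are hypothetical.

```python
import ntpath

def candidate_images(command_line):
    """Executable paths Windows tries, in order, for a command line passed
    with lpApplicationName == NULL (simplified model of the documented rule)."""
    cl = command_line.strip()
    if cl.startswith('"'):
        # A quoted module name is unambiguous: exactly one candidate.
        end = cl.find('"', 1)
        return [cl[1:end] if end != -1 else cl[1:]]
    tokens = cl.split(" ")
    candidates = []
    for i in range(1, len(tokens) + 1):
        if not tokens[i - 1]:
            continue  # skip empty tokens produced by repeated spaces
        prefix = " ".join(tokens[:i])
        # ".exe" is appended when the file name part has no extension.
        if not ntpath.splitext(ntpath.basename(prefix))[1]:
            prefix += ".exe"
        candidates.append(prefix)
    return candidates

def shadow_candidates(command_line, intended_image):
    """Paths tried BEFORE the intended binary. Each must not exist and its
    parent directory must not be writable by low-privilege users."""
    shadows = []
    for path in candidate_images(command_line):
        if path.casefold() == intended_image.casefold():
            break
        shadows.append(path)
    return shadows

# Constructed sample values (placeholders, not the real agent path).
INTENDED = r"C:\Program Files\Example Vendor\agent.exe"
UNQUOTED = r"C:\Program Files\Example Vendor\agent.exe -service"
QUOTED = '"' + INTENDED + '" -service'

if __name__ == "__main__":
    print("Unquoted, audit these locations:")
    for p in shadow_candidates(UNQUOTED, INTENDED):
        print("  ", p)
    print("Quoted, locations to audit:", shadow_candidates(QUOTED, INTENDED))
```

With the unquoted form, the first location tried sits directly under C:\, which matches the prerequisite stated above; quoting the executable path removes every earlier candidate.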
We advise you to do the following:
It is important to update/uninstall all ControlUp Real-Time Agents even if they are no longer in use. You can watch this 2-minute video to learn how to easily find machines with older ControlUp Real-Time Agent versions.