Escalating Privileges with CylancePROTECT

Escalating Privileges with CylancePROTECT

CylancePROTECT contains a privilege escalation vulnerability due to the update service granting Users Modify permissions on the log folder, as well as any log file it writes. This allows any user to empty the folder and use it as a Mount Point, which can be combined with a Symbolic Link to create an arbitrary file with Modify permissions when a new log file is created.