VYPR
Vendor

ControlUp

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2021-45912HigJan 4, 2022
    risk 0.51cvss 7.8epss 0.00

    An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method.

  • CVE-2022-27905HigApr 27, 2022
    risk 0.47cvss 7.2epss 0.01

    In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.

  • CVE-2021-45913HigJan 4, 2022
    risk 0.47cvss 7.2epss 0.01

    A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel.