AI description
CVE-2026-27788 describes an incorrect permission assignment vulnerability found in ServerView Agents for Windows, specifically in versions V11.60.04 and earlier. This flaw allows a local authenticated attacker, who has the ability to log in to the server where the affected product is installed, to obtain SYSTEM privilege. The vulnerability was publicly disclosed on June 1, 2026. To address this issue, users are advised to update ServerView Agents for Windows to version 11.60.04 or later, or apply vendor-provided security patches immediately.
- Description
- Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.
- Source
- vultures@jpcert.or.jp
- NVD status
- Deferred
CVSS 4.0
- Type
- Secondary
- Base score
- 8.5
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.0
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- vultures@jpcert.or.jp
- CWE-732
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
2
今日のセキュリティは、国内体制の刷新、足元の権限昇格、古傷の再悪用、そしてAIによるN-day自動生成が同じ卓に並んだ日だ。守る側の時間が、また削られている。 ・警察庁、初の民間出身者を重大サイバ
@boss_sec_labo
3 Jun 2026
954 Impressions
1 Retweet
6 Likes
2 Bookmarks
0 Replies
0 Quotes
【ServerView Agents for Windowsに権限昇格脆弱性】 JVNは、ServerView Agents for Windowsに複数の脆弱性があると公表しました。対象はV11.60.04以前で、CVE-2026-27788およびCVE-2026-32325により、ログイン可能な攻撃者がSYSTEM権限を
@01ra66it
1 Jun 2026
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes