A local privilege escalation vulnerability in the Kandji Agent prior to version 4.7.5(5374) could allow an attacker to gain elevated system privileges.

This vulnerability is caused by a client validation gap in the Kandji Agent. A local attacker can exploit this weakness to bypass intended restrictions and invoke privileged agent functionality, leading to privilege escalation.

The 8.4 CVSS score indicates a high risk for local environments. An attacker who has already gained low-level access to a machine can use this vulnerability to escalate their privileges to match the agent's service account, potentially allowing full control over the affected device and bypassing security management policies.

Immediate Action: Update the Kandji Agent to version v.4.7.5(5374) or later to close the validation gap.

Proactive Monitoring: Monitor for unexpected execution of agent-related commands or unauthorized attempts to access protected system configurations.

Compensating Controls: Enforce strict access control on local user accounts and apply the principle of least privilege to minimize the risk of a local attacker reaching the vulnerable agent.

Public Exploit Available: false

Privilege escalation vulnerabilities are critical in managed environments. Administrators should deploy the updated version of the Kandji Agent across all endpoints immediately to prevent local attackers from elevating their access and compromising the integrity of the managed fleet.