Privilege Escalation Vulnerability in Panda Security Free Antivirus
CVE-2021-34998

7HIGH

Key Information:

Vendor

Panda Security

Status
Free Antivirus
Vendor
CVE Published:
13 January 2022

What is CVE-2021-34998?

A security flaw in Panda Security Free Antivirus allows local attackers to escalate their privileges by executing arbitrary code in the context of SYSTEM. The issue arises from improper handling of named pipes, specifically enabling an untrusted process to impersonate the client of a pipe. As a result, an attacker who successfully executes low-privileged code on the system can exploit this vulnerability to gain higher privileges and potentially take control of the system.

Affected Version(s)

Free Antivirus 20.2.0.0

References

https://www.zerodayinitiative.com/advisories/ZDI-21-1336/
x_refsource_MISC
https://www.pandasecurity.com/en/support/card?id=100077
x_refsource_MISC

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative
.
CVE-2021-34998 : Privilege Escalation Vulnerability in Panda Security Free Antivirus