Local Privilege Escalation Vulnerability in Panda Security Dome
CVE-2024-13043

7.8HIGH

Key Information:

Vendor: Panda Security
Status: Panda Dome
Vendor: CVE Published:; 30 December 2024

🔔 Create Panda Security Vulnerability Alert

What is CVE-2024-13043?

The vulnerability in Panda Security Dome presents a significant risk, allowing local attackers to escalate their privileges on affected installations. By leveraging a flaw within Hotspot Shield, attackers can create a junction, leading to the deletion of arbitrary files. The exploitation of this vulnerability necessitates that the attacker first execute low-privileged code on the target system. Once successful, the attacker can gain SYSTEM-level privileges, enabling the execution of arbitrary code within the affected environment. This creates a pathway for further compromise of the system and its data.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1727/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 30, 2024