Local Privilege Escalation Vulnerability in Panda Security Dome
CVE-2024-7241

7.8HIGH

Key Information:

Vendor: Panda Security
Status: Dome
Vendor: CVE Published:; 22 November 2024

🔔 Create Panda Security Vulnerability Alert

What is CVE-2024-7241?

A local privilege escalation vulnerability has been identified in the Panda Security Dome, stemming from a flaw within the PSANHost service. This vulnerability enables local attackers, who already have access to execute low-privileged code on the target system, to escalate their privileges. By creating a junction, an attacker can exploit this flaw to create arbitrary files and execute malicious code with SYSTEM privileges, potentially compromising the security of the system without detection. Users of affected versions are advised to apply the latest patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

Dome 22.02.01

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1016/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2024

CVE-2024-7241 Data

JSON