Local Privilege Escalation Vulnerability in Panda Security Dome
CVE-2024-7243

7.8HIGH

Key Information:

Vendor: Panda Security
Status: Dome
Vendor: CVE Published:; 22 November 2024

🔔 Create Panda Security Vulnerability Alert

What is CVE-2024-7243?

A local privilege escalation vulnerability exists in the Panda Security Dome due to a flaw in the PSANHost executable. This flaw can be exploited by an attacker who gains execution capability of low-privileged code on the target system. By manipulating the service to create junctions, an attacker can generate arbitrary files, leading to the potential execution of arbitrary code with elevated permissions, effectively allowing the attacker to escalate their privileges to the SYSTEM level.

Affected Version(s)

Dome 22.02.01

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1013/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2024

CVE-2024-7243 Data

JSON