CVE-2024-7240
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Nov 22, 2024
Updated: Dec 11, 2024
CWE ID 59
Summary
CVE-2024-7240 is a newly disclosed local privilege escalation vulnerability in F-Secure Total. This issue allows attackers to exploit the WithSecure plugin hosting service by creating a symbolic link, which can then be abused to create a malicious file. By exploiting this vulnerability, an attacker can escalate privileges and execute arbitrary code with SYSTEM-level access. User interaction from an administrator is required to exploit this flaw, which was initially reported as ZDI-CAN-23005.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share