CVE-2024-7243

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 26, 2024
CWE ID 59

Summary

CVE-2024-7243 is a local privilege escalation vulnerability affecting Panda Security Dome. Malicious actors who have already gained the ability to execute low-privileged code on the target system can exploit this flaw. The vulnerability lies within the PSANHost executable, which can be manipulated through the creation of a junction. An attacker can then abuse this service to create arbitrary files, ultimately escalating privileges and executing code with SYSTEM-level access. This vulnerability, originally identified as ZDI-CAN-23413, poses a significant risk to affected installations of Panda Security Dome.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share