CVE-2024-7244

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 26, 2024
CWE ID 427

Summary

CVE-2024-7244 is a local privilege escalation vulnerability affecting Panda Security Dome VPN. An attacker can exploit this issue by hijacking a DLL in the VPN process, which does not restrict DLL search to trusted paths. To leverage this vulnerability, an attacker must initially gain the ability to execute low-privileged code on the target system. Successful exploitation allows the attacker to escalate privileges and execute arbitrary code with SYSTEM-level access. The flaw was discovered and reported to Zero Day Initiative as ZDI-CAN-23428.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share