CVE-2018-6322 — Panda Global Protection vulnerability

3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 87.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pandasecurity Panda Global Protection

Timeline

PublishedMar 12

Latest updateMay 13

Description

Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDpandasecurity/panda_global_protection17.0.1

🔴Vulnerability Details

GHSA

GHSA-5xv7-qjhf-w2mq: Panda Global Protection 17↗2022-05-13

▶

CVEList

CVE-2018-6322: Panda Global Protection 17↗2018-03-12

▶