CVE-2024-29072

Severity
8.2 HIGH
EPSS
0.1%
top 79.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published May 28

Description

A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.5 | Impact: 6.0

Affected Packages (3 packages)

NVD | foxit/pdf_reader | 2024.2.1.25153
CVEListV5 | foxit/foxit_reader | 2024.2.0.25138
NVD | foxit/pdf_editor | 12.0.0 12.1.6.15509 +4

Vulnerability Details

1
CVEList
CVE-2024-29072: A privilege escalation vulnerability exists in the Foxit Reader 2024 (2024-05-28)