CVE-2024-7244Uncontrolled Search Path Element in Security Dome

CWE-427Uncontrolled Search Path Element3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 81.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Panda Security DomePandasecurity Panda Dome
Timeline
PublishedNov 22
Latest updateNov 23

Description

Panda Security Dome VPN DLL Hijacking Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the VPN process. The process does not restrict DLL search to trusted paths, which can result in the loading of a malicious DLL. An attacke

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5panda_security/dome22.02.01

🔴Vulnerability Details

2
GHSA
GHSA-5v77-c82m-jvhp: Panda Security Dome VPN DLL Hijacking Local Privilege Escalation Vulnerability2024-11-23
CVEList
Panda Security Dome VPN DLL Hijacking Local Privilege Escalation Vulnerability2024-11-22
CVE-2024-7244 — Uncontrolled Search Path Element | cvebase