CVE-2024-7248

CWE-22 — Path Traversal3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 71.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Comodo Internet Security PRO Comodo Internet Security

Timeline

PublishedJul 29

Latest updateJul 30

Description

Comodo Internet Security Pro Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update mechanism. The issue results from the lack of proper validation of a user-supplied path prior to using it i…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcomodo/internet_security12.2.4.8032

▶CVEListV5comodo/internet_security_pro12.2.4.8032

🔴Vulnerability Details

GHSA

GHSA-vvj2-p425-qphv: Comodo Internet Security Pro Directory Traversal Local Privilege Escalation Vulnerability↗2024-07-30

▶

CVEList

Comodo Internet Security Pro Directory Traversal Local Privilege Escalation Vulnerability↗2024-07-29

▶