10
CVE-2019-12042
- EPSS 0.71%
- Published 23.05.2019 14:29:07
- Last modified 21.11.2024 04:22:09
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which leads to privilege escalation when the CmdLineExecute event is queued. This affects Panda Antivirus, Panda Antivirus Pro, Panda Dome, Panda Global Protection, Panda Gold Protection, and Panda Internet Security.
Data is provided by the National Vulnerability Database (NVD)
Pandasecurity ≫ Panda Antivirus Version < 18.07.03
Pandasecurity ≫ Panda Antivirus Pro Version < 18.07.03
Pandasecurity ≫ Panda Dome Version < 18.07.03
Pandasecurity ≫ Panda Global Protection Version < 18.07.03
Pandasecurity ≫ Panda Gold Protection Version < 18.07.03
Pandasecurity ≫ Panda Internet Security Version < 18.07.03
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.71% | 0.698 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.