G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA Backup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22312.
History

Thu, 05 Dec 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Gdata-software
Gdata-software total Security
CPEs cpe:2.3:a:gdata-software:total_security:25.5.15.21:*:*:*:*:*:*:*
Vendors & Products Gdata-software
Gdata-software total Security
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 22 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
Description G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA Backup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22312.
Title G DATA Total Security Link Following Local Privilege Escalation Vulnerability
Weaknesses CWE-59
References
Metrics cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2024-11-22T20:05:16.110Z

Updated: 2024-12-05T19:33:53.743Z

Reserved: 2024-02-23T19:50:03.843Z

Link: CVE-2024-1867

cve-icon Vulnrichment

Updated: 2024-12-05T19:33:48.408Z

cve-icon NVD

Status : Received

Published: 2024-11-22T20:15:08.163

Modified: 2024-11-22T20:15:08.163

Link: CVE-2024-1867

cve-icon Redhat

No data.