WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part of an administrator is required to exploit this vulnerability.
The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23035.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.zerodayinitiative.com/advisories/ZDI-24-491/ |
History
No history.
MITRE
Status: PUBLISHED
Assigner: zdi
Published: 2024-05-22T19:13:53.373Z
Updated: 2024-08-01T20:40:47.114Z
Reserved: 2024-05-02T23:39:34.766Z
Link: CVE-2024-4454
Vulnrichment
Updated: 2024-08-01T20:40:47.114Z
NVD
Status : Awaiting Analysis
Published: 2024-05-22T20:15:10.130
Modified: 2024-11-21T09:42:51.820
Link: CVE-2024-4454
Redhat
No data.