F-Secure Total Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of F-Secure Total. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23005.
History

Wed, 11 Dec 2024 14:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Thu, 05 Dec 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared F-secure
F-secure total
CPEs cpe:2.3:a:f-secure:total:19.2:*:*:*:*:*:*:*
Vendors & Products F-secure
F-secure total
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 22 Nov 2024 21:30:00 +0000

Type Values Removed Values Added
Description F-Secure Total Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of F-Secure Total. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23005.
Title F-Secure Total Link Following Local Privilege Escalation Vulnerability
Weaknesses CWE-59
References
Metrics cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2024-11-22T21:12:29.581Z

Updated: 2024-12-05T14:26:55.438Z

Reserved: 2024-07-29T20:29:05.822Z

Link: CVE-2024-7240

cve-icon Vulnrichment

Updated: 2024-12-05T14:26:47.783Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-22T22:15:16.890

Modified: 2024-12-11T14:22:23.280

Link: CVE-2024-7240

cve-icon Redhat

No data.