Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-7240

F-Secure Total Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of F-Secure Total. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23005.

Published

2024-11-22T22:15:16.890

Last Modified

2024-12-11T14:22:23.280

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Primary
CWE-59

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	f-secure	total	19.2	Yes

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1012/ Third Party Advisory ([email protected])