9.8
CVSSv3

CVE-2019-12042

CVSSv4: NA | CVSSv3: 9.8 | CVSSv2: 10 | VMScore: 1000 | EPSS: 0.01461 | KEV: Not Included
Published: 23/05/2019 Updated: 21/11/2024

Vulnerability Summary

Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products prior to 18.07.03 allow malicious users to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which leads to privilege escalation when the CmdLineExecute event is queued. This affects Panda Antivirus, Panda Antivirus Pro, Panda Dome, Panda Global Protection, Panda Gold Protection, and Panda Internet Security.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

pandasecurity panda antivirus

pandasecurity panda antivirus pro

pandasecurity panda dome

pandasecurity panda global protection

pandasecurity panda gold protection

pandasecurity panda internet security

Github Repositories

The exploit for Panda AV LPE

Panda Antivirus - Local Privilege Escalation (CVE-2019-12042) This is the exploit for a vulnerability I found in Panda Antivirus leading to escalation of privileges to SYSTEM The affected products are : Versions < 180703 of Panda Dome, Panda Internet Security, Panda Antivirus Pro, Panda Global Protection, Panda Gold Protection, and old versions of Panda Antivirus &