Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
890
VMScore

CVE-2019-12042

Published: 23/05/2019 Updated: 24/08/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Panda Antivirus

Vulnerability Summary

Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products prior to 18.07.03 allow malicious users to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which leads to privilege escalation when the CmdLineExecute event is queued. This affects Panda Antivirus, Panda Antivirus Pro, Panda Dome, Panda Global Protection, Panda Gold Protection, and Panda Internet Security.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

pandasecurity panda antivirus

pandasecurity panda dome

pandasecurity panda gold protection

pandasecurity panda internet security

pandasecurity panda antivirus pro

pandasecurity panda global protection

Github Repositories

https://github.com/SouhailHammou/Panda-Antivirus-LPE

The exploit for Panda AV LPE

Panda Antivirus - Local Privilege Escalation (CVE-2019-12042) This is the exploit for a vulnerability I found in Panda Antivirus leading to escalation of privileges to SYSTEM The affected products are : Versions < 180703 of Panda Dome, Panda Internet Security, Panda Antivirus Pro, Panda Global Protection, Panda Gold Protection, and old versions of Panda Antivirus &

References

CWE-732https://www.pandasecurity.com/usa/support/card?id=100063https://rce4fun.blogspot.com/2019/05/panda-antivirus-local-privilege.htmlhttps://github.com/SouhailHammou/Panda-Antivirus-LPEhttps://nvd.nist.govhttps://github.com/SouhailHammou/Panda-Antivirus-LPE
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook