The vulnerability of the Patch Management Agent component in the VIPRE Advanced Security antivirus software allows a hacker to enhance their privileges.

🗓️ 05 Jul 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Privilege escalation flaw in VIPRE Advanced Security Patch Management Agent due to unquoted paths.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2024-5929	21 Aug 202419:55	–	circl
CVE	CVE-2024-5929	21 Aug 202416:12	–	cve
Cvelist	CVE-2024-5929 VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability	21 Aug 202416:12	–	cvelist
EUVD	EUVD-2024-47058	3 Oct 202520:07	–	euvd
NVD	CVE-2024-5929	21 Aug 202417:15	–	nvd
Positive Technologies	PT-2023-9229 · Unknown · Vipre Advanced Security	12 Jan 202300:00	–	ptsecurity
Vulnrichment	CVE-2024-5929 VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability	21 Aug 202416:12	–	vulnrichment
Zero Day Initiative	VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability	20 Jun 202400:00	–	zdi

Vulners

Node

vipre advanced_securityRange<12.0.2.220

Source	Link
success	www.success.vipre.com/en_US/home-windows-release-notes/home-windows-release-notes-20240227
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2024062428
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-CAN-22316/
web	www.web.nvd.nist.gov/view/vuln/detail
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-24-818/

05 Jul 2024 00:00Current

7.3High risk

Vulners AI Score7.3

CVSS 26.8

CVSS 37.8

EPSS0.00109

vipre advanced security patch management agent privilege escalation unquoted paths vulnerability