CVE-2024-29072

2024-05-2814:15:12

CWE-295

talos

web.nvd.nist.gov

nvd

vulnerability

disclosure

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

EPSS

Percentile

9.0%

JSON

A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege.

Affected configurations

Vulners

Vulnrichment

Node

foxitreaderRange≤2024.2.0.25138

VendorProductVersionCPE
foxitreader*cpe:2.3:a:foxit:reader:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
foxit	reader	*	cpe:2.3:a:foxit:reader::::::::

CNA Affected

[
  {
    "vendor": "Foxit",
    "product": "Foxit Reader",
    "versions": [
      {
        "version": "2024.2.0.25138",
        "status": "affected"
      }
    ]
  }
]