CVE-2024-29072

2024-05-2813:52:58

CWE-295

talos

www.cve.org

vulnerability

foxit reader

certification validation

updater executable

privilege escalation

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

Percentile

9.0%

JSON

A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege.

CNA Affected

[
  {
    "vendor": "Foxit",
    "product": "Foxit Reader",
    "versions": [
      {
        "version": "2024.2.0.25138",
        "status": "affected"
      }
    ]
  }
]