Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormFelipe Xavier OliveiraPACKETSTORM:146707
HistoryMar 08, 2018 - 12:00 a.m.

Panda Global Security 17.0.1 Unquoted Service Path

2018-03-0800:00:00
Felipe Xavier Oliveira
packetstormsecurity.com
40

0.0004 Low

EPSS

Percentile

5.1%

JSON
`=====[ Tempest Security Intelligence - ADV-18/2018 ]===  
  
Panda Global Security 17.0.1 - Unquoted service path  
-------------------------------------------------------  
Author:  
- Filipe Xavier Oliveira: < filipe.xavier () tempest.com.br  
  
=====[ Table of Contents  
]=====================================================  
  
* Overview  
* Detailed description  
* Timeline of disclosure  
* Thanks & Acknowledgements  
* References  
  
=====[ Overview  
]==============================================================  
  
* System affected : Panda Global Security [1]  
* Software Version : 17.0.1. Other versions or models may also be affected.  
* Impact : Allow an authorized but non-privileged local user to execute  
arbitrary code with elevated privileges on the system. If an attacker  
could copy a malicious file and place it on, for example, into the root  
directory. This would cause windows to run the malicious executable in  
the user context of the service account at the next service start.  
  
=====[ Detailed description  
]==================================================  
  
Unquoted Windows search path vulnerability in the "panda_url_filtering"  
service in Panda Global Protection 17.0.1 allows local users to gain  
privileges via a malicious artefact.  
------------------------------------------  
C:\windows\system32>sc qc panda_url_filtering  
SERVICE_NAME: panda_url_filtering  
TYPE : 10 WIN32_OWN_PROCESS  
START_TYPE : 2 AUTO_START  
ERROR_CONTROL : 1 NORMAL  
BINARY_PATH_NAME : C:\Program Files\Panda Security URL Filtering\Panda  
_URL_Filteringb.exe --  
LOAD_ORDER_GROUP :  
TAG : 0  
DISPLAY_NAME : panda_url_filtering Service  
DEPENDENCIES :  
SERVICE_START_NAME : LocalSystem  
  
=====[ Timeline of disclosure  
]===============================================  
  
26/01/2018 - Vendor was informed of the vulnerability.  
01/26/2018 - CVE assigned [2]  
02/05/2018 - Vendor did not respond.  
03/06/2018 - Advisory publication date.  
  
=====[ Thanks & Acknowledgements  
]============================================  
  
- Tempest Security Intelligence / Tempest's Pentest Team [3]  
  
  
=====[ References  
]===========================================================  
  
[1] - https://www.pandasecurity.com  
[2] - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6321  
[3] - http://www.tempest.com.br/  
  
--   
Filipe Oliveira  
Tempest Security Intelligence  
  
  
  
`

Related

cvelist 1
prion 1
nvd 1
cve 1
openvas 2
cvelist
cvelist
CVE-2018-6321
2018-03-12 21:00:00
prion
prion
Design/Logic Flaw
2018-03-12 21:29:00
nvd
nvd
CVE-2018-6321
2018-03-12 21:29:00
cve
cve
CVE-2018-6321
2018-03-12 21:29:00
openvas
openvas
Panda Global Protection <= 17.0.1 Multiple Vulnerabilities
2018-03-20 00:00:00
Microsoft Windows Unquoted Path Vulnerability (SMB Login)
2018-03-23 00:00:00

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for PACKETSTORM:146707
cvelist1prion1nvd1cve1openvas2