PRIOn knowledge base: PRION:CVE-2022-39959
History: Oct 07, 2022 - 10:15 p.m.

Path traversal

www.prio-n.com

AI Score: 7.7 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 12.7%)

Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%\Panini\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file.
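The check below is an added example, not code from the vendor or from the PRIOn entry. It takes service ImagePath strings and lists the executables Windows would try first when the path is unquoted and contains spaces, plus the directories that unprivileged users must not be able to write to. The service names and the two non-Panini paths are constructed for illustration.

```python
import ntpath
import re

# Constructed sample: service names are hypothetical; only the first path is from the advisory.
# A real audit would read ImagePath from the registry and expand %VARIABLES% first.
SAMPLE_SERVICES = {
    "EverestEngineSvc": r"%PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe",
    "QuotedSvc": r'"C:\Program Files\Vendor\svc.exe" -k run',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)

def shadow_candidates(image_path):
    """Paths tried before the intended binary for an unquoted ImagePath ([] if none)."""
    cmd = image_path.strip()
    if not cmd or cmd.startswith('"'):
        return []                       # quoted: the executable is unambiguous
    m = _EXE_END.search(cmd)
    exe = cmd[:m.end()] if m else cmd   # drop trailing arguments, if any
    candidates = []
    for i, ch in enumerate(exe):
        if ch == " ":
            prefix = exe[:i]            # each space ends a possible program name
            if not ntpath.splitext(prefix)[1]:
                prefix += ".exe"        # .exe is appended when no extension is present
            candidates.append(prefix)
    return candidates

def audit(services):
    """Map each affected service to its shadow candidates and the directories to ACL-check."""
    findings = {}
    for name, path in services.items():
        cands = shadow_candidates(path)
        if cands:
            findings[name] = {
                "candidates": cands,
                "dirs": sorted({ntpath.dirname(c) for c in cands}),
            }
    return findings

if __name__ == "__main__":
    for svc, info in audit(SAMPLE_SERVICES).items():
        print(svc, info["candidates"], "check write ACL on:", info["dirs"])
```

A service flagged here is remediated by quoting its ImagePath and by removing file-creation rights for unprivileged users on each listed directory.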

CPE
Name: everest_engine
Operator: eq
Version: 2.0.4
