CVE-2024-29072

2024-05-2813:52:58

CWE-295

talos

github.com

cve-2024-29072

privilege escalation

foxit reader

certification validation

updater executable

low privilege user

elevation of privilege

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege.

CNA Affected

[
  {
    "vendor": "Foxit",
    "product": "Foxit Reader",
    "versions": [
      {
        "status": "affected",
        "version": "2024.2.0.25138"
      }
    ]
  }
]