Vulnerability Details CVE-2016-3943
Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.6%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- http://packetstormsecurity.com/files/136606/Panda-Endpoint-Administration-Agent-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2016/Apr/24
- https://www.exploit-db.com/exploits/39671/
- http://packetstormsecurity.com/files/136606/Panda-Endpoint-Administration-Agent-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2016/Apr/24
- https://www.exploit-db.com/exploits/39671/
Products affected by CVE-2016-3943
-
cpe:2.3:a:watchguard:panda_endpoint_administration_agent:7.49