CVERadar

CVE-2024-1853

Severity: Medium
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00039/1

CVE-2024-1853: Zemana AntiLogger Arbitrary Process Termination Vulnerability. This flaw allows the unexpected termination of processes because of a weakness in the zam64.sys and zamguard64.sys drivers: by triggering the 0x80002048 IOCTL code, an attacker could exploit this weakness. The CVSS score is 0; however, SOCRadar has assigned an SVRS of 30, indicating a moderate risk that does not require immediate action. While the CVSS score is low, the "In The Wild" tag suggests active exploitation, meriting increased vigilance. The core risk is the potential disruption of critical system processes. The vulnerability is significant because it demonstrates a weakness in process handling within a security application, potentially undermining system stability and defense mechanisms.

In The Wild
2024-03-14

2024-03-15
SOCRadar AI Insight

Description:

CVE-2024-1853 is an Arbitrary Process Termination vulnerability in Zemana AntiLogger v2.74.204.664. It allows an attacker to terminate arbitrary processes by triggering the 0x80002048 IOCTL code of the zam64.sys and zamguard64.sys drivers. The SVRS of 30 indicates a moderate risk, requiring attention but not immediate action.

Key Insights:

  • Exploitation: Active exploits have been published, making this vulnerability a potential threat to organizations using Zemana AntiLogger.
  • Impact: Successful exploitation could allow attackers to terminate critical processes, leading to system instability or data loss.
  • Affected Systems: The vulnerability affects Zemana AntiLogger v2.74.204.664 and earlier versions.
  • Threat Actors: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.

Mitigation Strategies:

  • Update Software: Install the latest version of Zemana AntiLogger (v2.74.204.665 or later) to patch the vulnerability.
  • Disable Vulnerable Drivers: Temporarily disable the zam64.sys and zamguard64.sys drivers until a patch is available.
  • Monitor Systems: Implement security monitoring tools to detect any suspicious activity or unauthorized process terminations.
  • Educate Users: Inform users about the vulnerability and advise them to be cautious of suspicious emails or attachments.

Additional Information:

  • The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
  • The vulnerability is not currently being actively exploited in the wild.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

Type | Indicator | Date
HASH | f41f07be534079dcddff4c7572860c15 | 2024-08-06
HASH | 03de103ee608a3dcd95fd672fca32fa6f44972a3 | 2024-08-06
HASH | 379e4c80bc7f2d174b5ca9f2decedcee587c73517183488e23e7f34c99371774 | 2024-08-06

Exploits

No exploits found for this CVE

News

Threat Actors Allegedly Selling Baldwin Killer That Bypasses AV & EDR
Kaaviya, 2025-04-21
A sophisticated malware tool dubbed “Baldwin Killer” is reportedly being marketed on underground forums as a powerful solution for bypassing antivirus (AV) and endpoint detection and response (EDR) security products. Security researchers have identified a forum listing offering this tool for prices ranging from $300 to $580, with transactions conducted through escrow services to protect […]
cybersecuritynews.com
Exploring vulnerable Windows drivers
Vanja Svajcer, 2024-12-19
This post is the result of research into the real-world application of the Bring Your Own Vulnerable Driver (BYOVD) technique along with Cisco Talos’ series of posts about malicious Windows drivers.
feedburner.com
Weekly Cyber Security News Letter – Data Breaches, Vulnerability, Cyber Attack & More
Guru Baran, 2024-07-21
On a weekly basis, the cyber security newsletter is considered an essential update on information that can be witnessed as a crucial intelligence briefing for the cybersecurity community. It summarizes in such a way that it enables professionals who are concerned with security, organizations, and people to remain ahead of new security threats. The range […]
cybersecuritynews.com
Weekly Cyber Security News Letter - Data Breaches, Vulnerability, Cyber Attack & More - CybersecurityNews
2024-07-21
On a weekly basis, the cyber security newsletter is considered an essential update on information that can be witnessed as a crucial intelligence briefing for the cybersecurity community. It summarizes in such a way that it enables professionals who are concerned with security, organizations, and people to remain ahead of new security threats. The range of subjects covered by the newsletter is extensive, including recently discovered strains of malware, advanced methods of phishing, vulnerabilities in important software, and new ways to fight against the attacks.
google.com
Killer Ultra Malware Attacking EDR Tools From Symantec, Microsoft, & SentinelOne
Guru Baran, 2024-07-17
Killer Ultra malware has been found to be targeting endpoint detection and response (EDR) tools from Symantec, Microsoft, and Sentinel One in ransomware attacks. Killer Ultra gathers all Windows event logs, clears them entirely, and acquires kernel-level permissions. ARC Labs has classified this malware as “Killer Ultra.” Killer Ultra uses the well-known Zemana driver to […]
cybersecuritynews.com
Killer Ultra Malware Attacking EDR Tools From Symantec, Microsoft, And Sentinel One
Raga Varshini, 2024-07-17
Killer Ultra malware has been found to be targeting endpoint detection and response (EDR) tools from Symantec, Microsoft, and Sentinel One in ransomware attacks. Killer Ultra gathers all Windows event logs, clears them entirely, and acquires kernel-level permissions. ARC Labs has classified this malware as “Killer Ultra.” Killer Ultra uses the well-known Zemana driver to […]
cybersecuritynews.com

Social Media

Our #researchteam found a #zeroday vulnerability in Zemana AntiLogger. As a #CNA, we assigned the ID CVE-2024-1853. Details here: 🔗https://t.co/bpPZIYrKKf. We have announced 170 #CVE to this date: 🔗https://t.co/gJf0vsgJQ1 #WeHackYourSoftware #AppSec https://t.co/N3lAIglxsr
Our #researchteam found a #zeroday vulnerability in Zemana AntiLogger. As a #CNA, we assigned the ID CVE-2024-1853. Details here: 🔗https://t.co/bpPZIYrKKf. We have announced 170 #CVE to this date: 🔗https://t.co/gJf0vsgJQ1 #WeHackYourSoftware #AppSec https://t.co/OmmDLjB5cI
Our #researchteam found a #zeroday vulnerability in Zemana AntiLogger. As a CNA, we assigned the ID CVE-2024-1853. Details about it here: 🔗https://t.co/bpPZIYrKKf. We have announced 165 #CVE to this date: 🔗https://t.co/gJf0vsgJQ1 #WeHackYourSoftware #CNA #AppSec #CVSS https://t.co/79VjfjlTzi
Our #researchteam found a #zeroday vulnerability in Zemana AntiLogger. As a CNA, we assigned the ID CVE-2024-1853. Details about it here: 🔗https://t.co/bpPZIYrKKf. We have announced 165 #CVE to this date: 🔗https://t.co/gJf0vsgJQ1 #WeHackYourSoftware #CNA #AppSec #CVSS https://t.co/U96jNqbT9x

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://fluidattacks.com/advisories/ellington/
[email protected] | https://zemana.com/us/antilogger.html

CWE Details

CWE ID | CWE Name | Description
CWE-283 | Unverified Ownership | The software does not properly verify that a critical resource is owned by the proper entity.
