CVERadar

CVE-2024-8424

Medium Severity

  • SVRS: 30/100
  • CVSSv3: NA/10
  • EPSS: 0.00022/1

CVE-2024-8424 is an Improper Privilege Management vulnerability affecting WatchGuard EPDR, Panda AD360, and Panda Dome on Windows. It allows arbitrary file deletion with SYSTEM permissions due to a flaw in the PSANHost.exe module. This vulnerability impacts EPDR versions prior to 8.00.23.0000, Panda AD360 versions prior to 8.00.23.0000, and Panda Dome versions prior to 22.03.00. Despite a CVSS score of 0, the SOCRadar Vulnerability Risk Score (SVRS) is 30, indicating a moderate risk level, and showing that the exploit is "In The Wild." While not immediately critical based on SVRS, the ability to delete arbitrary files with SYSTEM permissions could lead to significant system instability and potential data loss if exploited by a threat actor. Immediate patching is highly recommended to prevent potential abuse.

In The Wild
2024-11-08

2024-11-08
SOCRadar AI Insight

Description

CVE-2024-8424 is a critical Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows. The flaw resides in the PSANHost.exe module and allows an attacker with local user privileges to delete arbitrary files with SYSTEM permissions. This vulnerability impacts versions of EPDR prior to 8.00.23.0000, Panda AD360 prior to 8.00.23.0000, and Panda Dome prior to 22.03.00.

While the CVSS score is 7.8, the SVRS is 46, which indicates the vulnerability is actively exploited "In The Wild" and requires immediate attention.

Key Insights

  • Serious Impact: The vulnerability allows an attacker with local user privileges to elevate their access to SYSTEM privileges. This control could be used for data theft, system takeover, or malicious activities with the highest level of system permissions.
  • Exploitation Potential: This vulnerability is actively exploited "In The Wild," meaning hackers are actively using it to gain unauthorized access and compromise systems.
  • Wide Impact: The vulnerability affects multiple popular security products, including WatchGuard EPDR, Panda AD360, and Panda Dome, making it a significant concern for organizations using these solutions.
  • CWE-269: The CWE-269 (Improper Privilege Management) classification highlights the fundamental nature of the vulnerability, where the software fails to properly enforce access controls and grants excessive privileges to unauthorized entities.

Mitigation Strategies

  1. Patching: Immediately update WatchGuard EPDR to version 8.00.23.0000 or later, Panda AD360 to version 8.00.23.0000 or later, and Panda Dome to version 22.03.00 or later. Patching is the most effective way to eliminate the vulnerability.
  2. Principle of Least Privilege: Implement the Principle of Least Privilege to limit user permissions. This helps minimize the potential impact of the vulnerability if exploitation occurs.
  3. Network Segmentation: Segment the network to restrict access to sensitive resources and isolate systems vulnerable to this exploit.
  4. Monitoring: Implement robust security monitoring, including logs and intrusion detection systems, to detect any malicious activity or suspicious behavior related to this vulnerability.


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

ZDI-24-1471: Panda Security Dome PSANHost Link Following Local Privilege Escalation Vulnerability
2024-12-02
This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8424.
zerodayinitiative.com

ZDI-24-1533: Panda Security Dome PSANHost Link Following Local Privilege Escalation Vulnerability
2024-12-02
This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8424.
zerodayinitiative.com

Social Media

CVE-2024-8424 (CVSS:7.8, HIGH) is Awaiting Analysis. Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe modu..https://t.co/FtLJHc4ARt #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
CVE-2024-8424 Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM per… https://t.co/JNmArUMukt

Affected Software

No affected software found for this CVE

References

Reference: 5D1C2695-1A31-4499-88AE-E847036FD7E3
Link: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00017

CWE Details

CWE ID: CWE-269
CWE Name: Improper Privilege Management
Description: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
