CVE-2015-7378 Information

Description

Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the \Panda Security URL Filtering\ directory and installed files which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://packetstormsecurity.com/files/136607/Panda-Security-URL-Filtering-Privilege-Escalation.html http://seclists.org/fulldisclosure/2016/Apr/25 https://www.exploit-db.com/exploits/39670/ cpe:2.3:a:pandasecurity:panda_security_url_filtering::::::::

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8