Improper Link Resolution Before File Access ('Link Following') (CWE-59)
This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. The specific flaw exists within the Patch Management Agent. By creating a symbolic link, an attacker can abuse the agent to delete a file. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. This could potentially lead to complete system compromise, allowing the attacker to gain full control over the affected machine, access sensitive data, install malware, or perform any action with SYSTEM-level privileges.
One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of exploitation at the moment.
VIPRE has issued an update to correct this vulnerability. The patch is available, and more details can be found at: https://success.vipre.com/en_US/home-windows-release-notes/home-windows-release-notes-20240227
1. Apply the patch provided by VIPRE as soon as possible.
2. Limit user privileges and ensure the principle of least privilege is followed.
3. Monitor for suspicious activities, especially those related to symbolic link creation and file deletion.
4. Implement strong access controls to prevent unauthorized local access.
5. Keep VIPRE Advanced Security and all other software up to date.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Feedly found the first article mentioning CVE-2024-5928.
Feedly estimated the CVSS score as HIGH
A CVSS base score of 7.8 has been assigned.
Feedly estimated the CVSS score as MEDIUM