CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 2CVE-2019-12042
https://notcve.org/view.php?id=CVE-2019-12042
Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which leads to privilege escalation when the CmdLineExecute event is queued. This affects Panda Antivirus, Panda Antivirus Pro, Panda Dome, Panda Global Protection, Panda Gold Protection, and Panda Internet Security. Los permisos no seguros del objeto de la sección Global\PandaDevicesAgentSharedMemory y el evento Global\PandaDevicesAgentSharedMemoryChange en los productos de Panda antes de la versión 18.07.03, permiten que los atacantes pongan en cola un evento (como una cadena cifrada JSON) al servicio del sistema AgentSvc.exe, lo que lleva a una escalada de privilegios cuando el evento CmdLineExecute está en cola. Esto afecta a Panda Antivirus, Panda Antivirus Pro, Panda Dome, Panda Global Protection, Panda Gold Protection y Panda Internet Security. • https://github.com/SouhailHammou/Panda-Antivirus-LPE https://rce4fun.blogspot.com/2019/05/panda-antivirus-local-privilege.html https://www.pandasecurity.com/usa/support/card?id=100063 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6322 – Panda Global Security 17.0.1 NULL DACL Grants Full Access
https://notcve.org/view.php?id=CVE-2018-6322
Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group. Panda Global Protection 17.0.1 permite que usuarios locales obtengan privilegios o provoquen una denegación de servicio (DoS) suplantando todas las tuberías mediante el uso de \.\pipe\PSANMSrvcPpal, una "tubería nombrada creada de forma no segura". • http://seclists.org/fulldisclosure/2018/Mar/26 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6321 – Panda Global Security 17.0.1 Unquoted Service Path
https://notcve.org/view.php?id=CVE-2018-6321
Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact. Vulnerabilidad de ruta de búsqueda de Windows sin entrecomillar en el servicio panda_url_filtering en Panda Global Protection 17.0.1 permite que usuarios locales obtengan privilegios mediante un artefacto malicioso. Panda Global Security version 17.0.1 suffers from an unquoted service path vulnerability. • http://seclists.org/fulldisclosure/2018/Mar/25 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-17683
https://notcve.org/view.php?id=CVE-2017-17683
Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request. Panda Global Protection 17.0.1 permite el cierre inesperado del sistema mediante una petición 0xb3702c44 \\.\PSMEMDriver DeviceIoControl. • https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/Panda-Antivirus/Panda_Security_Antivirus_0xb3702c44 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-17684
https://notcve.org/view.php?id=CVE-2017-17684
Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request. Panda Global Protection 17.0.1 permite el cierre inesperado del sistema mediante una petición 0xb3702c04 \\.\PSMEMDriver DeviceIoControl. • https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/Panda-Antivirus/Panda_Security_Antivirus_0xb3702c04_ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •