WatchGuard/Panda EPDR Privilege Escalation via PSANHost (CVE-2024-8424)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Title: WatchGuard Endpoint Protection Privilege Escalation in PSANHost Enables Arbitrary File Delete as SYSTEM - Vulnerability ID: WGSA-2024-00017 - CVE Number: CVE-2024-8424 - Severity: High - Status: Resolved - Product Family: Endpoint - Release Date: November 7, 2024 - Update Date: November 7, 2024 - Patch Available: Yes - CVSS Score: 7.8 - CVSS Vector: CVSS3.1:AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - Summary: An improper privilege management vulnerability in the Windows module PSANHost.exe (used in WatchGuard EPDR, Panda AD360, and Panda Dome) allows deletion of arbitrary files with SYSTEM privileges on affected systems. 2. Affected Products: - EPDR: Versions prior to 8.00.23.0000 - Panda AD360: Versions prior to 8.00.23.0000 - Panda Dome: Versions prior to 22.03.00 3. Solution: - EPDR: 8.00.23.0000 - Panda AD360: 8.00.23.0000 - Panda Dome: 22.03.00 4. Credit: - Discovered by an anonymous researcher in collaboration with Trend Micro Zero Day Initiative. 5. Affected Product List: - Product Family: Endpoint - Product Branch: Panda Dome - Product List: Essential, Advanced, Complete, Premium - Product Family: Endpoint - Product Branch: WatchGuard EPDR - Product List: EPP, EDR, EPDR - Product Family: Endpoint - Product Branch: Panda AD360 - Product List: AD360 This information provides detailed descriptions of the vulnerability, affected products, solutions, and credit details.

Goal Reached Thanks to every supporter — we hit 100%!

WatchGuard/Panda EPDR Privilege Escalation via PSANHost (CVE-2024-8424)