From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability Name: (0Day) Panda Security Dome Link Following Local Privilege Escalation Vulnerability
2. Vulnerability ID: ZDI-24-1016, ZDI-CAN-23375
3. CVE ID: CVE-2024-7241
4. CVSS Score: 7.8, AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5. Affected Vendor: Panda Security
6. Affected Product: Dome
7. Vulnerability Details:
   - Allows a local attacker to escalate privileges on an affected Panda Security Dome installation.
   - The attacker must first gain the ability to execute low-privilege code on the target system.
   - A specific flaw exists in the PSANHost service. By creating a connection, an attacker can abuse the service to create arbitrary files. This vulnerability can be exploited to escalate privileges and execute arbitrary code in the SYSTEM context.
8. Additional Details:
   - February 6, 2024: ZDI reported the vulnerability to the vendor’s security team.
   - February 6, 2024: The vendor’s security team advised ZDI to submit the report to WatchGuard PSIRT.
   - February 13, 2024: ZDI submitted the report to WatchGuard PSIRT.
   - June 19, 2024: ZDI requested an update and notified the vendor that the case would be disclosed as a 0-day vulnerability.
   - July 26, 2024: ZDI notified the vendor that, due to lack of response, the report would be published as a 0-day vulnerability on July 29, 2024.
9. Mitigation: Due to the nature of the vulnerability, the only mitigation strategy is to restrict interaction with the application.
10. Disclosure Timeline:
    - February 6, 2024 – Vulnerability reported to vendor.
    - July 29, 2024 – Coordinated public disclosure.
    - August 15, 2024 – Advisory updated.
11. Credit: Provided by Nicholas Zubrisky (@NZubrisky) and Michael DePlante (@izobashi) of Trend Micro’s Zero Day Initiative.