CVE-2016-3943 – ‘Panda Security 2016 Business’ – LPE

CVE-2016-3943
Vendor: Panda Security
Reported by: Kyriakos Economou (@kyREcon)
Date of Release: 05/04/2016
Affected Products: Multiple
Affected Version: Panda Endpoint Administration Agent < v7.50.00
Fixed Version: Panda Endpoint Administration Agent v7.50.00

Advisory
Panda Endpoint Administration Agent allows a local attacker to elevate his privileges from any account type and execute code as SYSTEM.

Affected Products
All Panda Security For business products for Windows using this agent service are vulnerable.

Technical Details
Upon installing some Panda Security for business products for Windows, such as Panda Endpoint Protection/Plus, a service named as ‘Panda Endpoint Administration Agent’ is installed in the host. This service runs under the SYSTEM account.

However, due to weak ACLs set to the installation directory (“C:Program FilesPanda SecurityWaAgent”) of this application and its subdirectories, any user can modify or overwrite any executable module (dynamic link libraries and executables) installed in those directories.

Disclosure Log
Vendor Contacted: 12/01/2016
Public Disclosure: 05/04/2016

References
https://labs.nettitude.com/blog/panda-security-multiple-business-products-privilege-escalation/

The A.R.F Project©

CVE-2016-3943 – ‘Panda Security 2016 Business’ – LPE

All Rights R3v3rs3d