Vulnerabilities > CVE-2018-6322 - Unspecified vulnerability in Pandasecurity Panda Global Protection 17.0.1

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

pandasecurity

NVD

Published: 2018-03-12

Updated: 2019-10-03

Summary

Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group.

Vulnerable Configurations

Part	Description	Count
Application	Pandasecurity Pandasecurity Panda Global Protection 17.0.1	1

Packetstorm

data source	https://packetstormsecurity.com/files/download/146708/TSI-ADV172018.txt
id	PACKETSTORM:146708
last seen	2018-03-23
published	2018-03-08
reporter	Felipe Xavier Oliveira
source	https://packetstormsecurity.com/files/146708/Panda-Global-Security-17.0.1-NULL-DACL-Grants-Full-Access.html
title	Panda Global Security 17.0.1 NULL DACL Grants Full Access

References

http://seclists.org/fulldisclosure/2018/Mar/26