CVE-2024-7250

Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the cmdagent executable. By creating a symbolic link, an attacker can abuse the agent to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22829.

Published: Jul 30, 2024
Updated: Aug 21, 2024
CVE: CVE-2024-7250
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-59

Affected Software
References

Software	From	Fixed in
comodo / internet_security	12.2.4.8032	12.2.4.8032.x

https://www.zerodayinitiative.com/advisories/ZDI-24-955/

Vulnerability Database

289,697

CVE-2024-7250