Plattform
windows
Komponente
comodo-internet-security-pro
Behoben in
12.2.5
CVE-2024-7248 is a directory traversal vulnerability discovered in Comodo Internet Security Pro. This flaw allows local attackers to escalate privileges by manipulating file paths within the update process. The vulnerability impacts versions 12.2.4.8032 through 12.2.4.8032. A fix is expected from Comodo, and users are advised to monitor for updates.
Successful exploitation of CVE-2024-7248 allows a local attacker to bypass security restrictions and gain elevated privileges on the affected system. This can lead to unauthorized access to sensitive data, modification of system configurations, and potentially complete control over the compromised machine. The attacker needs to have the ability to execute low-privileged code initially. The lack of proper input validation in the update mechanism is the root cause, enabling the attacker to craft malicious file paths that bypass intended security checks. This vulnerability shares similarities with other directory traversal exploits where attackers leverage flawed file handling routines to access restricted resources.
CVE-2024-7248 was publicly disclosed on 2024-07-29. The vulnerability's severity is rated as HIGH (CVSS 7.8). Currently, there are no known public exploits or active campaigns targeting this vulnerability. Its inclusion on the CISA KEV catalog is pending. The availability of a proof-of-concept (POC) would significantly increase the risk of exploitation.
Users of Comodo Internet Security Pro, particularly those running versions 12.2.4.8032 through 12.2.4.8032, are at risk. Systems with limited user access controls and those that automatically download and install updates without verification are especially vulnerable. Shared hosting environments utilizing Comodo Internet Security Pro are also at increased risk.
• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.TaskName -like '*Comodo*'} | Format-List TaskName, State• windows / supply-chain:
Get-Process | Where-Object {$_.ProcessName -like '*Comodo*'} | Format-List ProcessName, Id, CPU• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='Comodo Internet Security Pro']]]" | Format-List TimeCreated, Messagedisclosure
Exploit-Status
EPSS
0.10% (28% Perzentil)
CISA SSVC
CVSS-Vektor
Given the lack of a released patch, immediate mitigation strategies are crucial. Restrict access to the Comodo Internet Security Pro installation directory to prevent unauthorized modification of update files. Implement strict file access controls to limit the privileges of the user account running the application. Consider disabling automatic updates until a patch is available and thoroughly vetted. Monitor system logs for suspicious file access attempts and unusual process activity. While a direct WAF rule is unlikely to be effective, network segmentation can limit the blast radius of a successful exploit.
Actualice Comodo Internet Security Pro a una versión posterior a 12.2.4.8032. Esto solucionará la vulnerabilidad de escalada de privilegios por recorrido de directorios.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-7248 is a directory traversal vulnerability in Comodo Internet Security Pro versions 12.2.4.8032–12.2.4.8032, allowing local attackers to escalate privileges by manipulating file paths during updates.
You are affected if you are using Comodo Internet Security Pro version 12.2.4.8032–12.2.4.8032. Check your version and upgrade as soon as a patch is available.
The recommended fix is to upgrade to the patched version of Comodo Internet Security Pro. Monitor Comodo's website for updates and apply them promptly.
Currently, there is no evidence of active exploitation campaigns targeting CVE-2024-7248, but its HIGH severity warrants immediate attention and patching.
Refer to the official Comodo website and security advisories for the latest information and updates regarding CVE-2024-7248.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.