Plataforma
windows
Componente
comodo-internet-security-pro
Corrigido em
12.2.5
CVE-2024-7248 is a directory traversal vulnerability discovered in Comodo Internet Security Pro. This flaw allows local attackers to escalate privileges by manipulating file paths within the update process. The vulnerability impacts versions 12.2.4.8032 through 12.2.4.8032. A fix is expected from Comodo, and users are advised to monitor for updates.
Successful exploitation of CVE-2024-7248 allows a local attacker to bypass security restrictions and gain elevated privileges on the compromised system. This can lead to complete control over the affected machine, including the ability to install malware, access sensitive data, and modify system configurations. The attack leverages the update mechanism, a critical component for maintaining system security, making it a particularly concerning vulnerability. The lack of proper input validation in file operations is the root cause, enabling attackers to craft malicious paths that bypass intended security checks. This vulnerability shares similarities with other directory traversal exploits where attackers manipulate file paths to access unauthorized resources.
CVE-2024-7248 was publicly disclosed on 2024-07-29. Currently, there is no indication of active exploitation campaigns targeting this vulnerability. No public proof-of-concept (POC) code has been released. The vulnerability's severity is rated HIGH (CVSS 7.8), indicating a significant potential for exploitation if left unaddressed. It is not currently listed on the CISA KEV catalog.
Users of Comodo Internet Security Pro, particularly those running versions 12.2.4.8032 through 12.2.4.8032, are at risk. Systems with limited user access controls and those that automatically download and install updates without verification are especially vulnerable. Shared hosting environments utilizing Comodo Internet Security Pro are also at increased risk.
• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.TaskName -like '*Comodo*'} | Format-List TaskName, State• windows / supply-chain:
Get-Process | Where-Object {$_.ProcessName -like '*Comodo*'} | Format-List ProcessName, Id, CPU• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='Comodo Internet Security Pro']]]" | Format-List TimeCreated, Messagedisclosure
Status do Exploit
EPSS
0.10% (percentil 28%)
CISA SSVC
Vetor CVSS
The primary mitigation for CVE-2024-7248 is to upgrade to the patched version of Comodo Internet Security Pro as soon as it becomes available. Until the patch is applied, consider disabling automatic updates and manually verifying the integrity of downloaded updates before installation. While a direct workaround is unavailable, restricting user access to the update directory and implementing strict file access controls can help reduce the attack surface. Monitor system logs for unusual file access patterns or attempts to access sensitive files outside of expected locations. After upgrade, confirm the vulnerability is resolved by attempting to trigger the traversal path with a benign test file.
Actualice Comodo Internet Security Pro a una versión posterior a 12.2.4.8032. Esto solucionará la vulnerabilidad de escalada de privilegios por recorrido de directorios.
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
CVE-2024-7248 is a directory traversal vulnerability in Comodo Internet Security Pro versions 12.2.4.8032–12.2.4.8032, allowing local attackers to escalate privileges by manipulating file paths during updates.
You are affected if you are using Comodo Internet Security Pro version 12.2.4.8032–12.2.4.8032. Check your version and upgrade as soon as a patch is available.
The recommended fix is to upgrade to the patched version of Comodo Internet Security Pro. Monitor Comodo's website for updates and apply them promptly.
Currently, there is no evidence of active exploitation campaigns targeting CVE-2024-7248, but its HIGH severity warrants immediate attention and patching.
Refer to the official Comodo website and security advisories for the latest information and updates regarding CVE-2024-7248.
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.