CVE-2024-29072

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-29072
A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege.

8.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1989
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1989
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1989
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1989
Configurations

No configuration.

History

21 Nov 2024, 09:07

Type Values Removed Values Added
References () https://talosintelligence.com/vulnerability_reports/TALOS-2024-1989 - () https://talosintelligence.com/vulnerability_reports/TALOS-2024-1989 -
References () https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1989 - () https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1989 -

10 Jun 2024, 18:15

Type Values Removed Values Added
References
  • () https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1989 -
Summary
  • (es) Existe una vulnerabilidad de escalada de privilegios en Foxit Reader 2024.2.0.25138. La vulnerabilidad se produce debido a una validación de certificación inadecuada del ejecutable del actualizador antes de ejecutarlo. Un usuario con privilegios bajos puede desencadenar la acción de actualización, lo que puede resultar en una elevación inesperada de privilegios.

28 May 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-28 14:15

Updated : 2024-11-21 09:07

NVD link : CVE-2024-29072

Mitre link : CVE-2024-29072

CVE.ORG link : CVE-2024-29072

JSON object : View

Products Affected

No product.

CWE
CWE-295

Improper Certificate Validation