CWE-59
AllowedImproper Link Resolution Before File Access ('Link Following')
Abstraction: Base · Status: Draft
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1988 vulnerabilities reference this CWE, most recent first.
CVE-2024-8404 (GCVE-0-2024-8404)
Vulnerability from cvelistv5 – Published: 2024-09-26 01:42 – Updated: 2025-05-13 01:39- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| Vendor | Product | Version | |
|---|---|---|---|
| PaperCut | PaperCut NG, PaperCut MF |
Affected:
0 , < 24.1.7
(custom)
|
|
| papercut | papercut_mf |
Affected:
0 , < 23.0.9
(custom)
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:* |
|
| papercut | papercut_ng |
Affected:
0 , < 23.0.9
(custom)
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "papercut_mf",
"vendor": "papercut",
"versions": [
{
"lessThan": "23.0.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "papercut_ng",
"vendor": "papercut",
"versions": [
{
"lessThan": "23.0.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:59:11.788417Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T15:01:21.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web Print"
],
"platforms": [
"Windows"
],
"product": "PaperCut NG, PaperCut MF",
"vendor": "PaperCut",
"versions": [
{
"changes": [
{
"at": "24.1.7",
"status": "unaffected"
}
],
"lessThan": "24.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Amol Dosanjh of Trend Micro"
},
{
"lang": "en",
"type": "finder",
"value": "Nicholas Zubrisky (@NZubrisky) of Trend Micro"
},
{
"lang": "en",
"type": "finder",
"value": "Michael DePlante (@izobashi) of Trend Micro\u0027s ZDI"
}
],
"datePublic": "2024-09-26T01:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAn arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. \u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eImportant: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eUpdate:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThis CVE has been updated in May 2025 to update the fixed version and fix process. Please refer to the May 2025 Security Bulletin.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eNote: \u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThis CVE has been split from CVE-2024-3037.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. \n\nImportant: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server.\n\nUpdate:\n\nThis CVE has been updated in May 2025 to update the fixed version and fix process. Please refer to the May 2025 Security Bulletin.\n\nNote: \n\nThis CVE has been split from CVE-2024-3037."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T01:39:33.742Z",
"orgId": "eb41dac7-0af8-4f84-9f6d-0272772514f4",
"shortName": "PaperCut"
},
"references": [
{
"url": "https://www.papercut.com/kb/Main/Security-Bulletin-May-2025/"
},
{
"url": "https://www.papercut.com/kb/Main/Security-Bulletin-May-2024/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary File Deletion in PaperCut NG/MF Web Print Hot folder",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb41dac7-0af8-4f84-9f6d-0272772514f4",
"assignerShortName": "PaperCut",
"cveId": "CVE-2024-8404",
"datePublished": "2024-09-26T01:42:49.400Z",
"dateReserved": "2024-09-04T05:55:44.460Z",
"dateUpdated": "2025-05-13T01:39:33.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7252 (GCVE-0-2024-7252)
Vulnerability from cvelistv5 – Published: 2024-07-29 21:18 – Updated: 2024-08-01 21:52- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Comodo | Internet Security Pro |
Affected:
12.2.4.8032
|
|
| comodo | internet_security |
Affected:
12.2.4.8032
cpe:2.3:a:comodo:internet_security:12.2.4.8032:*:*:*:premium:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:comodo:internet_security:12.2.4.8032:*:*:*:premium:*:*:*"
],
"defaultStatus": "unknown",
"product": "internet_security",
"vendor": "comodo",
"versions": [
{
"status": "affected",
"version": "12.2.4.8032"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7252",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T00:31:56.949870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T00:33:27.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-957",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-957/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Internet Security Pro",
"vendor": "Comodo",
"versions": [
{
"status": "affected",
"version": "12.2.4.8032"
}
]
}
],
"dateAssigned": "2024-07-29T21:10:15.188Z",
"datePublic": "2024-07-23T21:50:15.283Z",
"descriptions": [
{
"lang": "en",
"value": "Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the cmdagent executable. By creating a symbolic link, an attacker can abuse the agent to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22831."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T21:18:26.806Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-957",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-957/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7252",
"datePublished": "2024-07-29T21:18:26.806Z",
"dateReserved": "2024-07-29T21:10:15.156Z",
"dateUpdated": "2024-08-01T21:52:31.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7251 (GCVE-0-2024-7251)
Vulnerability from cvelistv5 – Published: 2024-07-29 21:18 – Updated: 2024-08-01 21:52- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Comodo | Internet Security Pro |
Affected:
12.2.4.8032
|
|
| comodo | internet_security |
Affected:
12.2.4.8032
cpe:2.3:a:comodo:internet_security:12.2.4.8032:*:*:*:premium:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:comodo:internet_security:12.2.4.8032:*:*:*:premium:*:*:*"
],
"defaultStatus": "unknown",
"product": "internet_security",
"vendor": "comodo",
"versions": [
{
"status": "affected",
"version": "12.2.4.8032"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7251",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T00:28:45.586196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T00:29:14.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-956",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-956/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Internet Security Pro",
"vendor": "Comodo",
"versions": [
{
"status": "affected",
"version": "12.2.4.8032"
}
]
}
],
"dateAssigned": "2024-07-29T21:10:06.639Z",
"datePublic": "2024-07-23T21:50:08.055Z",
"descriptions": [
{
"lang": "en",
"value": "Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the cmdagent executable. By creating a symbolic link, an attacker can abuse the agent to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22832."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T21:18:22.094Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-956",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-956/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7251",
"datePublished": "2024-07-29T21:18:22.094Z",
"dateReserved": "2024-07-29T21:10:06.608Z",
"dateUpdated": "2024-08-01T21:52:31.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7250 (GCVE-0-2024-7250)
Vulnerability from cvelistv5 – Published: 2024-07-29 21:18 – Updated: 2024-08-01 21:52- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Comodo | Internet Security Pro |
Affected:
12.2.4.8032
|
|
| comodo | internet_security |
Affected:
12.2.4.8032
cpe:2.3:a:comodo:internet_security:12.2.4.8032:*:*:*:premium:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:comodo:internet_security:12.2.4.8032:*:*:*:premium:*:*:*"
],
"defaultStatus": "unknown",
"product": "internet_security",
"vendor": "comodo",
"versions": [
{
"status": "affected",
"version": "12.2.4.8032"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T00:28:05.627235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T00:28:11.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-955",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-955/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Internet Security Pro",
"vendor": "Comodo",
"versions": [
{
"status": "affected",
"version": "12.2.4.8032"
}
]
}
],
"dateAssigned": "2024-07-29T21:09:58.565Z",
"datePublic": "2024-07-23T21:50:02.610Z",
"descriptions": [
{
"lang": "en",
"value": "Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the cmdagent executable. By creating a symbolic link, an attacker can abuse the agent to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22829."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T21:18:17.745Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-955",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-955/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7250",
"datePublished": "2024-07-29T21:18:17.745Z",
"dateReserved": "2024-07-29T21:09:58.526Z",
"dateUpdated": "2024-08-01T21:52:31.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7249 (GCVE-0-2024-7249)
Vulnerability from cvelistv5 – Published: 2024-07-29 21:18 – Updated: 2024-08-01 21:52- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:comodo:firewall:12.2.2.8012:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firewall",
"vendor": "comodo",
"versions": [
{
"status": "affected",
"version": "12.2.2.8012"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T00:32:12.710225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T00:33:10.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-954",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-954/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Firewall",
"vendor": "Comodo",
"versions": [
{
"status": "affected",
"version": "12.2.2.8012"
}
]
}
],
"dateAssigned": "2024-07-29T21:09:52.231Z",
"datePublic": "2024-07-23T21:49:54.170Z",
"descriptions": [
{
"lang": "en",
"value": "Comodo Firewall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the cmdagent executable. By creating a symbolic link, an attacker can abuse the application to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21794."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T21:18:13.300Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-954",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-954/"
}
],
"source": {
"lang": "en",
"value": "Amol Dosanjh of Trend Micro and Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative"
},
"title": "Comodo Firewall Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7249",
"datePublished": "2024-07-29T21:18:13.300Z",
"dateReserved": "2024-07-29T21:09:52.198Z",
"dateUpdated": "2024-08-01T21:52:31.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7243 (GCVE-0-2024-7243)
Vulnerability from cvelistv5 – Published: 2024-11-22 21:12 – Updated: 2024-12-03 17:45- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Panda Security | Dome |
Affected:
22.02.01
|
|
| pandasecurity | panda_dome |
Affected:
22.02.01
cpe:2.3:a:pandasecurity:panda_dome:22.02.01:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pandasecurity:panda_dome:22.02.01:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "panda_dome",
"vendor": "pandasecurity",
"versions": [
{
"status": "affected",
"version": "22.02.01"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:15:12.659422Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T17:45:01.091Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Dome",
"vendor": "Panda Security",
"versions": [
{
"status": "affected",
"version": "22.02.01"
}
]
}
],
"dateAssigned": "2024-07-29T20:31:07.527Z",
"datePublic": "2024-07-29T21:37:47.719Z",
"descriptions": [
{
"lang": "en",
"value": "Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the PSANHost executable. By creating a junction, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23413."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:12:33.175Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1013",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1013/"
}
],
"source": {
"lang": "en",
"value": "Nicholas Zubrisky (@NZubrisky) and Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative"
},
"title": "Panda Security Dome Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7243",
"datePublished": "2024-11-22T21:12:33.175Z",
"dateReserved": "2024-07-29T20:31:07.501Z",
"dateUpdated": "2024-12-03T17:45:01.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7242 (GCVE-0-2024-7242)
Vulnerability from cvelistv5 – Published: 2024-11-22 21:12 – Updated: 2024-12-03 17:37- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Panda Security | Dome |
Affected:
22.02.01
|
|
| pandasecurity | panda_dome |
Affected:
22.02.01
cpe:2.3:a:pandasecurity:panda_dome:22.02.01:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pandasecurity:panda_dome:22.02.01:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "panda_dome",
"vendor": "pandasecurity",
"versions": [
{
"status": "affected",
"version": "22.02.01"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:15:08.042408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T17:37:04.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Dome",
"vendor": "Panda Security",
"versions": [
{
"status": "affected",
"version": "22.02.01"
}
]
}
],
"dateAssigned": "2024-07-29T20:30:50.700Z",
"datePublic": "2024-07-29T21:38:13.429Z",
"descriptions": [
{
"lang": "en",
"value": "Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the PSANHost executable. By creating a junction, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23402."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:12:48.569Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1017",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1017/"
}
],
"source": {
"lang": "en",
"value": "Nicholas Zubrisky (@NZubrisky) and Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative"
},
"title": "Panda Security Dome Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7242",
"datePublished": "2024-11-22T21:12:48.569Z",
"dateReserved": "2024-07-29T20:30:50.668Z",
"dateUpdated": "2024-12-03T17:37:04.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7241 (GCVE-0-2024-7241)
Vulnerability from cvelistv5 – Published: 2024-11-22 21:12 – Updated: 2024-12-03 17:37- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Panda Security | Dome |
Affected:
22.02.01
|
|
| pandasecurity | panda_dome |
Affected:
22.02.01
cpe:2.3:a:pandasecurity:panda_dome:22.02.01:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pandasecurity:panda_dome:22.02.01:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "panda_dome",
"vendor": "pandasecurity",
"versions": [
{
"status": "affected",
"version": "22.02.01"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7241",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:15:09.486641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T17:37:13.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Dome",
"vendor": "Panda Security",
"versions": [
{
"status": "affected",
"version": "22.02.01"
}
]
}
],
"dateAssigned": "2024-07-29T20:30:22.858Z",
"datePublic": "2024-07-29T21:38:06.290Z",
"descriptions": [
{
"lang": "en",
"value": "Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the PSANHost service. By creating a junction, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23375."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:12:44.945Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1016",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1016/"
}
],
"source": {
"lang": "en",
"value": "Nicholas Zubrisky (@NZubrisky) and Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative"
},
"title": "Panda Security Dome Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7241",
"datePublished": "2024-11-22T21:12:44.945Z",
"dateReserved": "2024-07-29T20:30:22.831Z",
"dateUpdated": "2024-12-03T17:37:13.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7240 (GCVE-0-2024-7240)
Vulnerability from cvelistv5 – Published: 2024-11-22 21:12 – Updated: 2024-12-05 14:26- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:f-secure:total:19.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "total",
"vendor": "f-secure",
"versions": [
{
"status": "affected",
"version": "19.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:15:14.271022Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T14:26:55.438Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Total",
"vendor": "F-Secure",
"versions": [
{
"status": "affected",
"version": "19.2"
}
]
}
],
"dateAssigned": "2024-07-29T20:29:05.850Z",
"datePublic": "2024-07-29T21:37:42.695Z",
"descriptions": [
{
"lang": "en",
"value": "F-Secure Total Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of F-Secure Total. User interaction on the part of an administrator is required to exploit this vulnerability.\n\nThe specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23005."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:12:29.581Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1012",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1012/"
}
],
"source": {
"lang": "en",
"value": "Nicholas Zubrisky (@NZubrisky) and Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative"
},
"title": "F-Secure Total Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7240",
"datePublished": "2024-11-22T21:12:29.581Z",
"dateReserved": "2024-07-29T20:29:05.822Z",
"dateUpdated": "2024-12-05T14:26:55.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7239 (GCVE-0-2024-7239)
Vulnerability from cvelistv5 – Published: 2024-11-22 21:12 – Updated: 2024-12-03 17:45- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| VIPRE | Advanced Security |
Affected:
12.0.1.214
|
|
| vipre | advanced_security |
Affected:
12.0.1.214
cpe:2.3:a:vipre:advanced_security:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vipre:advanced_security:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advanced_security",
"vendor": "vipre",
"versions": [
{
"status": "affected",
"version": "12.0.1.214"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:15:17.920500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T17:45:01.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Advanced Security",
"vendor": "VIPRE",
"versions": [
{
"status": "affected",
"version": "12.0.1.214"
}
]
}
],
"dateAssigned": "2024-07-29T20:28:27.106Z",
"datePublic": "2024-07-29T21:37:31.358Z",
"descriptions": [
{
"lang": "en",
"value": "VIPRE Advanced Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Anti Malware Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22314."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:12:17.643Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1010",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1010/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "VIPRE Advanced Security Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7239",
"datePublished": "2024-11-22T21:12:17.643Z",
"dateReserved": "2024-07-29T20:28:27.078Z",
"dateUpdated": "2024-12-03T17:45:01.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.