Security Advisory

CVE-2022-39959

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-10-07 00:00:00

Last updated 2024-08-03 12:07:42

Assigner mitre

State PUBLISHED

Description

Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%PaniniEverest EngineEverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%PaniniEverest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file.

← Browse all CVEs View on cve.org ↗