Multiple vulnerabilities in Panda Global Protection

Published: 2017-12-14 | Updated: 2020-08-08

Risk	Medium
Patch available	YES
Number of vulnerabilities	4
CVE-ID	CVE-2018-6321 CVE-2018-6322 CVE-2017-17683 CVE-2017-17684
CWE-ID	CWE-428 CWE-20 CWE-119
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Panda Global Protection Client/Desktop applications / Antivirus software/Personal firewalls
Vendor	Panda Security SL

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Unquoted Search Path or Element

EUVDB-ID: #VU37443

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6321

CWE-ID: CWE-428 - Unquoted Search Path or Element

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Panda Global Protection: 17.0.1

CPE2.3

cpe:2.3:a:panda_security_sl:panda_global_protection:17.0.1:*:*:*:*:*:*:*

External links

https://seclists.org/fulldisclosure/2018/Mar/25

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU37444

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6322

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of .pipePSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Panda Global Protection: 17.0.1

CPE2.3

cpe:2.3:a:panda_security_sl:panda_global_protection:17.0.1:*:*:*:*:*:*:*

External links

https://seclists.org/fulldisclosure/2018/Mar/26

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU37759

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-17683

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \.PSMEMDriver DeviceIoControl request.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Panda Global Protection: 17.0.1

CPE2.3

cpe:2.3:a:panda_security_sl:panda_global_protection:17.0.1:*:*:*:*:*:*:*

External links

https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/Panda-Antivirus/Panda_Security_Antivirus_0xb3702c44

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU37760

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-17684

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \.PSMEMDriver DeviceIoControl request.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Panda Global Protection: 17.0.1

CPE2.3

cpe:2.3:a:panda_security_sl:panda_global_protection:17.0.1:*:*:*:*:*:*:*

External links

https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/Panda-Antivirus/Panda_Security_Antivirus_0xb3702c04_

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.