Vulnerability Description
Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Watchguard | Panda Endpoint Administration Agent | <= 7.49 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/136606/Panda-Endpoint-Administration-Agent-Third Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2016/Apr/24Mailing ListThird Party Advisory
- https://www.exploit-db.com/exploits/39671/Third Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/136606/Panda-Endpoint-Administration-Agent-Third Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2016/Apr/24Mailing ListThird Party Advisory
- https://www.exploit-db.com/exploits/39671/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2016-3943?
CVE-2016-3943 is a vulnerability with a CVSS score of 7.8 (HIGH). Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which all...
How severe is CVE-2016-3943?
CVE-2016-3943 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-3943?
Check the references section above for vendor advisories and patch information. Affected products include: Watchguard Panda Endpoint Administration Agent.