Vulnerability Description
Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious code in the system root path, enabling unauthorized code execution during application startup or system reboot.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tosi | Tosibox Key | <= 3.3.0 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://packetstormsecurity.com/files/177260/Third Party Advisory
- https://www.tosi.net/Product
- https://www.vulncheck.com/advisories/tosibox-key-service-local-privilege-escalatThird Party Advisory
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5812.phpExploitThird Party Advisory
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5812.phpExploitThird Party Advisory
FAQ
What is CVE-2024-58315?
CVE-2024-58315 is a vulnerability with a CVSS score of 7.8 (HIGH). Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the ...
How severe is CVE-2024-58315?
CVE-2024-58315 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-58315?
Check the references section above for vendor advisories and patch information. Affected products include: Tosi Tosibox Key, Microsoft Windows.