CVE-2024-13043 is a local privilege escalation vulnerability identified in Panda Security Dome, specifically in version 22.02.01. The root cause is an improper link resolution before file access, classified under CWE-59 ('Link Following'). This vulnerability resides in the Hotspot Shield component of the product. An attacker who already has the ability to execute code with low privileges on the affected system can exploit this flaw by creating a junction (a type of symbolic link in Windows) that manipulates the application's file deletion logic. By abusing this junction, the attacker can cause the application to delete arbitrary files, which can lead to privilege escalation. Ultimately, this allows the attacker to execute arbitrary code with SYSTEM-level privileges, effectively taking full control of the system. The vulnerability does not require user interaction but does require the attacker to have some initial code execution capability on the target machine. The CVSS v3.0 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability. The vulnerability was assigned by the Zero Day Initiative (ZDI) as ZDI-CAN-23478 and was published on December 30, 2024. No patches or exploits in the wild have been reported at the time of publication.

If successfully exploited, this vulnerability allows an attacker with limited local access to escalate privileges to SYSTEM level, which is the highest privilege on Windows systems. This can lead to full system compromise, including the ability to install persistent malware, disable security controls, access sensitive data, and disrupt system availability. Organizations relying on Panda Security Dome for endpoint protection could see their defenses bypassed, potentially enabling further lateral movement within networks. The impact is particularly severe in environments where endpoint security is critical, such as financial institutions, government agencies, healthcare providers, and critical infrastructure. Since exploitation requires local code execution, initial compromise vectors such as phishing or other malware infections could be leveraged to chain attacks. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as proof-of-concept exploits may emerge.

Organizations should immediately verify if they are running Panda Security Dome version 22.02.01 and prioritize upgrading to a patched version once available. Until a patch is released, mitigate risk by restricting local user permissions to prevent unauthorized code execution, especially for untrusted users. Employ application whitelisting and endpoint detection and response (EDR) solutions to monitor for suspicious junction creation or file deletion activities. Regularly audit and harden file system permissions to limit the impact of arbitrary file deletions. Network segmentation and the principle of least privilege can reduce the likelihood of initial low-privileged code execution. Additionally, monitor vendor advisories and threat intelligence feeds for updates or proof-of-concept exploit disclosures. Incident response teams should prepare to detect and respond to potential exploitation attempts involving privilege escalation via file system manipulation.