CVE-2024-27359: n/a
Certain WithSecure products allow a Denial of Service because the engine scanner can go into an infinite loop when processing an archive file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.
AI Analysis
Technical Summary
CVE-2024-27359 is a denial of service (DoS) vulnerability in several WithSecure security products: Client Security 15, Server Security 15, Email and Server Security 15, Elements Endpoint Protection 17 and later, Client Security for Mac 15, Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and Atlant 1.0.35-1. The root cause is in the engine scanner component that unpacks and analyzes archive files: a specially crafted archive can drive it into a loop whose exit condition is never reached, so the scanning thread spins at full CPU and the scan never completes. The vulnerability is classified under CWE-835 (Loop with Unreachable Exit Condition), a loop-termination logic flaw rather than a memory-safety bug, which is why the impact is limited to availability. The CVSS v3.1 base score is 7.5 (high) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H: network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, no confidentiality or integrity impact, high availability impact. In practice the "network" vector means the attacker needs no access to the host at all: the crafted archive only has to reach a path the product scans, for example as an email attachment handled by Email and Server Security, a download or file-share write picked up by on-access scanning, or a file submitted to Atlant. Because the products span Windows, macOS and Linux endpoints, servers and email systems, a single malicious sample can affect many deployment scenarios. At the time of this analysis no patches or public exploit code were reported as available, and no exploitation in the wild had been observed; the vulnerability nevertheless poses a significant risk to the operational continuity of the security services these products provide.
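The following is an added illustration of the CWE-835 pattern described above, not WithSecure's engine code and not a reproduction of CVE-2024-27359. It uses a toy archive format constructed here (a magic header followed by records that each carry a "next record" offset) to show how a scanner loop that trusts an offset field ends up with an unreachable exit condition, and what a hardened walker checks instead.

```python
"""
Added example: a naive archive walker beside a hardened one (CWE-835).
The archive format, the record layout and the sample archives are all
constructed for this illustration; none of it is WithSecure code.
"""
import struct

# Constructed toy format: MAGIC, then records of <I next_offset><H name_len><name>.
# A well-formed archive chains records forward until next_offset == 0.
MAGIC = b"TOYA"


class MalformedArchive(ValueError):
    pass


def build_archive(names, loop_back=False):
    """Build a toy archive. With loop_back=True the last record's next_offset
    points at itself, which a naive walker never escapes."""
    body = bytearray(MAGIC)
    offsets = []
    for name in names:
        offsets.append(len(body))
        body += struct.pack("<IH", 0, len(name)) + name
    for i, off in enumerate(offsets):          # patch the next_offset fields
        if i + 1 < len(offsets):
            nxt = offsets[i + 1]
        else:
            nxt = off if loop_back else 0
        struct.pack_into("<I", body, off, nxt)
    return bytes(body)


def _read_record(data, off):
    """Parse one record header at `off`; bounds-checked in both walkers."""
    if off + 6 > len(data):
        raise MalformedArchive(f"record header at {off} runs past end of data")
    nxt, name_len = struct.unpack_from("<IH", data, off)
    name = data[off + 6: off + 6 + name_len]
    if len(name) != name_len:
        raise MalformedArchive(f"record name at {off} truncated")
    return nxt, name


def vulnerable_entries(data):
    """Naive walker: trusts next_offset blindly. The only exit (nxt == 0) is
    unreachable once a record points at itself or at an earlier record."""
    if not data.startswith(MAGIC):
        raise MalformedArchive("bad magic")
    off = len(MAGIC)
    while True:
        nxt, name = _read_record(data, off)
        yield off, name
        if nxt == 0:
            return
        off = nxt


def hardened_entries(data, max_entries=10_000):
    """Walker with guaranteed progress: offsets must move strictly forward,
    stay inside the buffer, and the number of records is capped."""
    if not data.startswith(MAGIC):
        raise MalformedArchive("bad magic")
    off = len(MAGIC)
    for _ in range(max_entries):
        nxt, name = _read_record(data, off)
        yield off, name
        if nxt == 0:
            return
        if nxt <= off:                         # self-loop or backward jump
            raise MalformedArchive(f"record at {off} points backward to {nxt}")
        if nxt >= len(data):
            raise MalformedArchive(f"record at {off} points past end ({nxt})")
        off = nxt
    raise MalformedArchive(f"more than {max_entries} records; refusing to continue")


def scan(data, walker=hardened_entries):
    """Return the entry names, or a 'rejected: ...' string for a malformed archive."""
    try:
        return [name.decode() for _, name in walker(data)]
    except MalformedArchive as e:
        return f"rejected: {e}"


if __name__ == "__main__":
    good = build_archive([b"a.txt", b"b.txt"])
    crafted = build_archive([b"a.txt", b"b.txt"], loop_back=True)
    print("good   :", scan(good))
    print("crafted:", scan(crafted))
    gen = vulnerable_entries(crafted)
    print("naive walker, first 5 records:", [next(gen) for _ in range(5)])
```

The hardened walker has three independent guards: a monotonic-offset check (which alone makes termination provable, since the offset is a strictly increasing bounded integer), a bounds check, and an absolute record cap as defence in depth against formats where offsets are not required to be monotonic. Real archive formats (nested containers, central directories, chained headers) need the same three properties expressed in their own terms.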
Potential Impact
The primary impact of CVE-2024-27359 is denial of service against the security products themselves: the endpoint, server, email and Linux protection these products provide can be degraded or stopped. Depending on product and configuration, a hung scanner can also stall whatever depends on it, for example mail delivery behind an Email and Server Security installation or file operations that wait on an on-access scan. This can leave organizations temporarily unprotected against other threats and increase their risk exposure. Because the vulnerability can be triggered remotely without authentication or user interaction, an attacker can use a single crafted sample against many targets at once, and could time it to open a window for a follow-on intrusion. Organizations that rely heavily on WithSecure products, especially in finance, healthcare, government and critical infrastructure, may face operational interruptions and regulatory compliance issues if security controls are found to have been disabled. The broad range of affected platforms and product lines increases the likelihood of widespread impact across diverse IT environments globally.
Mitigation Recommendations
Organizations should monitor WithSecure's official channels for fixes addressing CVE-2024-27359 and apply them promptly once available. The affected products receive engine and detection updates through their automatic update channel, so also verify that endpoints and servers are actually receiving updates and report a current engine version in the management console. Until fixes are confirmed on every host, consider the following mitigations:
1) Restrict or quarantine archive files from untrusted sources, in particular at the mail gateway (nested, unusual or password-protected archive formats from external senders). This only reduces exposure, since the scanner still has to process every archive that is allowed through.
2) Network-level controls (IDS/IPS, proxy policies) cannot recognise the crafted archive without a signature, but can log and, where policy allows, block archive transfers from untrusted sources, which narrows the delivery paths an attacker can use.
3) Where the product runs scanning in a separate service or process, confirm with the vendor how the product behaves when that service stops responding (fail-open versus fail-closed for on-access scanning and for mail flow), and isolate or sandbox scanning hosts such as Atlant so that a hang does not take down other workloads.
4) Implement resource usage monitoring and automated process restarts so that a scanner stuck at 100% CPU is recovered quickly. Pair the restart with quarantining the file that was being scanned; restarting alone re-triggers the loop as soon as the same file is scanned again.
5) Review and tighten access controls to WithSecure management interfaces to prevent unauthorized manual or scheduled scans. Note that this does not close the main path, which is the product's normal scanning of externally supplied files.
6) Validate the monitoring and recovery procedure in a test environment, for example with a large, deeply nested archive that takes a long time to scan, rather than attempting to reproduce the bug: no public reproducer is available, and the goal is to confirm that detection and restart work before they are needed.
These steps focus on limiting exposure to malicious archives and minimizing operational impact until official fixes are deployed everywhere.
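An added example for mitigation 4 above (not WithSecure code): a watchdog that samples `/proc/<pid>/stat`, decides whether the scanner process has been spinning at roughly one full core for several consecutive intervals, and hands off to a restart hook. The `/proc` field layout is the real Linux one; the sample lines are constructed here, and the process name `fsavd`, the `systemctl restart` command and the clock-tick constant are assumptions for illustration.

```python
"""
Added watchdog example (not WithSecure code). Decides from successive
/proc/<pid>/stat samples whether a process is hung-busy. The process name
"fsavd" and the restart command are assumptions; sample lines are constructed.
"""
import subprocess

CLK_TCK = 100  # assumed; on a real host use os.sysconf("SC_CLK_TCK")


def parse_cpu_ticks(stat_line):
    """utime + stime (clock ticks) from one /proc/<pid>/stat line.
    The comm field sits in parentheses and may contain spaces, so split on
    the last ')' and count from there: field 3 (state) is index 0, so
    utime (field 14) is index 11 and stime (field 15) is index 12."""
    _, _, rest = stat_line.rpartition(")")
    fields = rest.split()
    return int(fields[11]) + int(fields[12])


class SpinDetector:
    """Trip when CPU use stays at or above `threshold` of one core for
    `consecutive` sampling intervals in a row."""

    def __init__(self, threshold=0.95, consecutive=6, clk_tck=CLK_TCK):
        self.threshold = threshold
        self.consecutive = consecutive
        self.clk_tck = clk_tck
        self.prev_ticks = None
        self.streak = 0

    def feed(self, stat_line, interval_s):
        """Feed one sample taken `interval_s` seconds after the previous one."""
        ticks = parse_cpu_ticks(stat_line)
        tripped = False
        if self.prev_ticks is not None:
            frac = (ticks - self.prev_ticks) / (interval_s * self.clk_tck)
            self.streak = self.streak + 1 if frac >= self.threshold else 0
            tripped = self.streak >= self.consecutive
        self.prev_ticks = ticks
        return tripped


def run_watchdog(stat_lines, interval_s, detector=None):
    """Feed successive samples; return the index of the first sample at which
    the detector trips, or None if it never does."""
    detector = detector or SpinDetector()
    for i, line in enumerate(stat_lines):
        if detector.feed(line, interval_s):
            return i
    return None


def restart_action(service="fsavd", dry_run=True):
    """Restart hook; the service name is an assumption. With dry_run=True the
    command is returned instead of executed."""
    cmd = ["systemctl", "restart", service]
    if not dry_run:
        subprocess.run(cmd, check=False)
    return cmd


def constructed_stat_line(total_ticks, pid=4242, comm="fsavd"):
    """Constructed /proc/<pid>/stat line whose utime+stime equals total_ticks."""
    utime, stime = total_ticks - 100, 100
    return (f"{pid} ({comm}) R 1 {pid} {pid} 0 -1 4194560 1200 0 3 0 "
            f"{utime} {stime} 0 0 20 0 4 0 12345 123456789 4567")


def constructed_samples(idle_intervals, spin_intervals, interval_s=5):
    """Constructed CPU-tick trajectory: about 1% of a core while idle,
    then 100% of a core while spinning."""
    ticks, out = 1000, [constructed_stat_line(1000)]
    for _ in range(idle_intervals):
        ticks += int(0.01 * interval_s * CLK_TCK)
        out.append(constructed_stat_line(ticks))
    for _ in range(spin_intervals):
        ticks += interval_s * CLK_TCK
        out.append(constructed_stat_line(ticks))
    return out


if __name__ == "__main__":
    lines = constructed_samples(idle_intervals=3, spin_intervals=6)
    hit = run_watchdog(lines, interval_s=5)
    print("tripped at sample", hit, "->", restart_action(dry_run=True))
```

On a live host the loop would read `/proc/<pid>/stat` every `interval_s` seconds instead of consuming constructed lines. Tune `consecutive * interval_s` to exceed the longest legitimate single-file scan you see in practice, otherwise a large but benign archive will trigger restarts; and log which file the scanner was processing when the detector tripped so it can be quarantined rather than rescanned.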
Affected Countries
United States, Germany, United Kingdom, Finland, France, Canada, Netherlands, Sweden, Japan, Australia
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-02-25T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6d7bb7ef31ef0b576c4b
Added to database: 2/25/2026, 9:45:31 PM
Last enriched: 2/26/2026, 11:01:56 AM
Last updated: 4/12/2026, 7:52:36 AM
Views: 10