CVE-2024-30376 is a high-severity local privilege escalation vulnerability affecting Famatech Advanced IP Scanner version 2.5.4594.1. The root cause is an uncontrolled search path element (CWE-427) in the way the application loads Qt plugins. Specifically, the application loads these plugins from an unsecured directory, allowing an attacker who already has low-privileged code execution on the system to place malicious Qt plugin files in the search path. When the application loads these plugins, it inadvertently executes the attacker's code with elevated privileges, typically administrator level. This vulnerability requires the attacker to have local access and the ability to run code with limited privileges, as well as some user interaction to trigger the plugin loading. The vulnerability affects the integrity and confidentiality of the system by allowing arbitrary code execution with elevated rights, and availability may also be impacted if the attacker disrupts system operations. The vulnerability was assigned CVSS v3.0 score 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), reflecting that it is exploitable locally with low complexity, requires some privileges and user interaction, and impacts all three security properties. No patches or official fixes are currently linked, and no known exploits have been reported in the wild as of the publication date. The vulnerability was reported by the Zero Day Initiative (ZDI) as ZDI-CAN-20768.

The primary impact of CVE-2024-30376 is that an attacker who has already gained limited local access to a system running the vulnerable version of Famatech Advanced IP Scanner can escalate their privileges to administrator level. This elevation enables the attacker to execute arbitrary code with high privileges, potentially leading to full system compromise. Confidential data on the system may be exposed or altered, system integrity can be undermined, and availability may be disrupted through malicious actions. Organizations relying on this software for network scanning and management could see attackers leverage this vulnerability to move laterally within networks, establish persistence, or disable security controls. Since the vulnerability requires local access and some user interaction, remote exploitation is not feasible without prior foothold. However, in environments where multiple users share systems or where attackers can trick users into running low-privileged code, the risk is significant. The absence of known exploits in the wild reduces immediate risk but does not eliminate it, as proof-of-concept exploits may emerge. The vulnerability is particularly impactful in enterprise, government, and critical infrastructure environments where Advanced IP Scanner is used for network inventory and management.

To mitigate CVE-2024-30376, organizations should first check for and apply any official patches or updates from Famatech once available. In the absence of a patch, administrators should restrict local user permissions to minimize the ability of low-privileged users to write to directories used by Advanced IP Scanner for Qt plugin loading. Specifically, verify and harden the plugin search paths to ensure they point only to trusted, secured directories. Employ application whitelisting to prevent unauthorized code execution and monitor file system changes in plugin directories. Limit user interaction by educating users about the risks of running untrusted code and avoid running Advanced IP Scanner with elevated privileges unless necessary. Additionally, consider isolating systems running this software to reduce the risk of lateral movement. Regularly audit systems for signs of privilege escalation attempts and maintain robust endpoint detection and response (EDR) capabilities to detect anomalous plugin loading or code execution patterns. Finally, review and tighten local access controls and user rights to reduce the attack surface.