CVE-2024-7243: CWE-59: Improper Link Resolution Before File Access ('Link Following') in Panda Security Dome
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the PSANHost executable. By creating a junction, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23413.
AI Analysis
Technical Summary
CVE-2024-7243 is a local privilege escalation vulnerability in Panda Security Dome version 22.02.01, caused by improper link resolution before file access (CWE-59) in the PSANHost executable. An attacker who can already execute code with low privileges on the target system can escalate those privileges to SYSTEM level. The attack vector involves creating a junction (a type of directory link on Windows) that the PSANHost service follows improperly, enabling the attacker to create arbitrary files in locations that would normally require elevated privileges. The flaw stems from the service's failure to handle link resolution securely, so it can be tricked into overwriting or creating files with SYSTEM-level permissions. The attacker can then execute arbitrary code with these elevated privileges, compromising the system's confidentiality, integrity, and availability. The CVSS v3.0 score of 7.8 reflects the high impact and relatively low complexity of exploitation, which requires only local access and no user interaction. Although no public exploits are currently known, the vulnerability was assigned by the Zero Day Initiative (ZDI) under ZDI-CAN-23413 and published on November 22, 2024. No patches have been released yet, increasing the urgency for mitigation. The vulnerability affects only the specified version 22.02.01 of Panda Security Dome, and organizations running this version should consider immediate risk assessment and mitigation steps.
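The check a privileged writer can make against the link-following flaw described above, as an added example (not code from Panda Security or from this advisory): it walks each path component below a trusted root and reports any that is a symlink or Windows reparse point. The function names, the directory layout, and the symlink used as a stand-in for a junction are assumptions.

```python
import os
import stat
import tempfile

# NTFS junctions and symlinks both carry FILE_ATTRIBUTE_REPARSE_POINT (0x400).
REPARSE = getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0x400)


def is_link(path):
    """True if path itself is a symlink or, on Windows, any reparse point."""
    try:
        st = os.lstat(path)  # lstat does not follow the final component
    except FileNotFoundError:
        return False  # a file that does not exist yet cannot be a link
    if stat.S_ISLNK(st.st_mode):
        return True
    return bool(getattr(st, "st_file_attributes", 0) & REPARSE)


def link_components(trusted_root, relative_target):
    """Return every path component below trusted_root that is a link.

    A privileged writer should refuse the write if this list is non-empty.
    """
    parts = os.path.normpath(relative_target).split(os.sep)
    if os.path.isabs(relative_target) or ".." in parts:
        raise ValueError("target must stay below the trusted root")
    found = []
    current = os.path.abspath(trusted_root)
    for part in parts:
        current = os.path.join(current, part)
        if is_link(current):
            found.append(current)
    return found


def demo():
    """Constructed layout: 'cache' is redirected, 'logs' is a real directory."""
    root = os.path.abspath(tempfile.mkdtemp())
    outside = tempfile.mkdtemp()  # stands in for a protected location
    os.mkdir(os.path.join(root, "logs"))
    os.symlink(outside, os.path.join(root, "cache"), target_is_directory=True)
    clean = link_components(root, os.path.join("logs", "scan.log"))
    redirected = link_components(root, os.path.join("cache", "scan.log"))
    return root, clean, redirected
```

A path check like this is racy on its own, because the directory can be swapped between the check and the write; a service also needs to open the target in a way that does not follow links, or do the write while impersonating the requesting user.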
Potential Impact
The impact of CVE-2024-7243 is significant for organizations using Panda Security Dome 22.02.01. Successful exploitation grants attackers SYSTEM-level privileges, effectively full control over the affected host. This level of access allows attackers to bypass security controls, install persistent malware, exfiltrate sensitive data, disrupt operations, or move laterally within networks. Since the vulnerability requires prior low-privileged code execution, it can serve as a critical escalation step in multi-stage attacks. The compromise of security software itself undermines trust in endpoint protection, potentially allowing attackers to disable or evade defenses. Organizations in sectors with stringent security requirements, such as finance, healthcare, government, and critical infrastructure, face heightened risks. Although no exploits are known in the wild, the absence of a patch means attackers may develop exploits rapidly, increasing the threat window. Overall, the vulnerability poses a high risk to the confidentiality, integrity, and availability of affected systems.
Mitigation Recommendations
1. Immediate mitigation should focus on restricting local user permissions to prevent unauthorized code execution at low privilege levels, as initial access is required for exploitation.
2. Employ application whitelisting and endpoint detection and response (EDR) solutions to monitor and block suspicious creation of junctions or file system manipulations related to PSANHost.
3. Isolate critical systems running Panda Security Dome to limit lateral movement opportunities.
4. Regularly audit and monitor logs for unusual file creation or privilege escalation attempts involving the PSANHost service.
5. Engage with Panda Security support to obtain any available patches, hotfixes, or recommended configuration changes as soon as they are released.
6. Consider temporarily disabling or restricting the vulnerable service if operationally feasible until a patch is available.
7. Educate system administrators and security teams about this vulnerability to enhance detection and response capabilities.
8. Implement strict control over local user accounts and reduce the attack surface by disabling unnecessary services or features on endpoints running the affected software.
Affected Countries
United States, Spain, Germany, United Kingdom, France, Canada, Australia, Italy, Netherlands, Brazil
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2024-07-29T20:31:07.501Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 699f6c12b7ef31ef0b55fa0f
Added to database: 2/25/2026, 9:39:30 PM
Last enriched: 2/28/2026, 1:39:15 AM
Last updated: 4/12/2026, 4:23:27 AM