Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-27518

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-29 Apr, 2024 | 00:00
Updated At-22 Aug, 2024 | 19:05
Rejected At-
Credits

An issue in SUPERAntiSyware Professional X 10.0.1262 and 10.0.1264 allows unprivileged attackers to escalate privileges via a restore of a crafted DLL file into the C:\Program Files\SUPERAntiSpyware folder.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
ā–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:29 Apr, 2024 | 00:00
Updated At:22 Aug, 2024 | 19:05
Rejected At:
ā–¼CVE Numbering Authority (CNA)

An issue in SUPERAntiSyware Professional X 10.0.1262 and 10.0.1264 allows unprivileged attackers to escalate privileges via a restore of a crafted DLL file into the C:\Program Files\SUPERAntiSpyware folder.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.youtube.com/watch?v=FM5XlZPdvdo
N/A
https://www.superantispyware.com/
N/A
https://github.com/secunnix/CVE-2024-27518
N/A
Hyperlink: https://www.youtube.com/watch?v=FM5XlZPdvdo
Resource: N/A
Hyperlink: https://www.superantispyware.com/
Resource: N/A
Hyperlink: https://github.com/secunnix/CVE-2024-27518
Resource: N/A
ā–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.youtube.com/watch?v=FM5XlZPdvdo
x_transferred
https://www.superantispyware.com/
x_transferred
https://github.com/secunnix/CVE-2024-27518
x_transferred
Hyperlink: https://www.youtube.com/watch?v=FM5XlZPdvdo
Resource:
x_transferred
Hyperlink: https://www.superantispyware.com/
Resource:
x_transferred
Hyperlink: https://github.com/secunnix/CVE-2024-27518
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
superantispyware
Product
professional_x
CPEs
  • cpe:2.3:a:superantispyware:professional_x:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 10.0.1262 (custom)
Vendor
superantispyware
Product
professional_x
CPEs
  • cpe:2.3:a:superantispyware:professional_x:10.0.1264:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 10.0.1264
Problem Types
TypeCWE IDDescription
CWECWE-269CWE-269 Improper Privilege Management
Type: CWE
CWE ID: CWE-269
Description: CWE-269 Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
ā–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:29 Apr, 2024 | 21:15
Updated At:15 Apr, 2026 | 00:35

An issue in SUPERAntiSyware Professional X 10.0.1262 and 10.0.1264 allows unprivileged attackers to escalate privileges via a restore of a crafted DLL file into the C:\Program Files\SUPERAntiSpyware folder.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-269Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-269
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/secunnix/CVE-2024-27518cve@mitre.org
N/A
https://www.superantispyware.com/cve@mitre.org
N/A
https://www.youtube.com/watch?v=FM5XlZPdvdocve@mitre.org
N/A
https://github.com/secunnix/CVE-2024-27518af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.superantispyware.com/af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.youtube.com/watch?v=FM5XlZPdvdoaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://github.com/secunnix/CVE-2024-27518
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.superantispyware.com/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.youtube.com/watch?v=FM5XlZPdvdo
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/secunnix/CVE-2024-27518
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.superantispyware.com/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.youtube.com/watch?v=FM5XlZPdvdo
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

57Records found
CVE-2024-23276
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-8.4||HIGH
EPSS-0.28% / 20.05%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:35
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmacos
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-36945
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-1.73% / 74.69%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 18:12
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows 10 Update Assistant Elevation of Privilege Vulnerability

Windows 10 Update Assistant Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_update_assistantWindows Update Assistant
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-21970
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-2.54% / 82.98%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:23
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-27826
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.26% / 17.23%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 22:17
Updated-02 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.6, macOS Sonoma 14.5, macOS Ventura 13.6.8, tvOS 17.5, visionOS 1.3, watchOS 10.5. A local attacker may be able to cause unexpected system shutdown.

Action-Not Available
Vendor-Apple Inc.
Product-tvosvisionoswatchosmacosiphone_osipadosvisionOSmacOStvOSiOS and iPadOSwatchOStv_osvisionosipad_osmacosiphone_oswatch_os
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-36931
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.4||MEDIUM
EPSS-1.25% / 65.55%
||
7 Day CHG+0.07%
Published-26 Aug, 2021 | 17:20
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-31847
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-8.2||HIGH
EPSS-0.39% / 30.39%
||
7 Day CHG~0.00%
Published-22 Sep, 2021 | 13:25
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper privilege management in repair process of MA for Windows

Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature.

Action-Not Available
Vendor-McAfee, LLC
Product-agentMcAfee Agent for Windows
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-24090
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-3.29% / 86.91%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:01
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Error Reporting Elevation of Privilege Vulnerability

Windows Error Reporting Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 Version 2004Windows Server version 2004Windows Server, version 1909 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • Next
Details not found