(0Day) F-Secure Total Link Following Local Privilege Escalation Vulnerability

July 29th, 2024

Vulnerability Details

This vulnerability allows local attackers to escalate privileges on affected installations of F-Secure Total. User interaction on the part of an administrator is required to exploit this vulnerability.

The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.

Additional Details

02/22/24 – ZDI reported the vulnerability to F-secure’s Security team.
06/19/24 – ZDI asked for updates.
07/26/24 – ZDI informed the vendor that since we have not received a response that we will publish the case as a zero-day advisory on 07/29/24

-- Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application.


Disclosure Timeline

  • 2024-02-22 - Vulnerability reported to vendor
  • 2024-07-29 - Coordinated public release of advisory
  • 2024-08-15 - Advisory Updated

Credit

Nicholas Zubrisky (@NZubrisky) and Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative

Back to Advisories