High
CVE-2019-3969: Comodo Antivirus Privilege Escalation
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
High
(2 users assessed)
High
(2 users assessed)Unknown
Unknown
Unknown
CVE-2019-3969: Comodo Antivirus Privilege Escalation
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Local Privilege Escalation due to CmdAgent’s handling of COM clients. A local process can bypass the signature check enforced by CmdAgent via process hollowing which can then allow the process to invoke sensitive COM methods in CmdAgent such as writing to the registry with SYSTEM privileges.
Add Assessment
Ratings
-
Attacker ValueHigh
-
ExploitabilityMedium
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild Report
Ratings
-
Attacker ValueMedium
-
ExploitabilityHigh
Technical Analysis
This is a very well-written research paper, with lots of artifacts and a Github-hosted PoC. As privesc’s go, this looks pretty reliable. Since I’m not seeing any publications from Comodo yet, this may still be useful in the wild.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportCVSS V3 Severity and Metrics
General Information
Vendors
- comodo
Products
- antivirus
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
