Antón Ortigueira Vázquez

**Name of the Vulnerable Software and Affected Versions** WatchGuard EPDR version 8.0.21.0002 **Description** An issue was discovered in WatchGuard EPDR, where it is possible to bypass the defensive capabilities by adding a registry key as SYSTEM. **Recommendations** For WatchGuard EPDR version 8.0.21.0002, consider restricting system-level access to prevent the addition of malicious registry keys as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WatchGuard EPDR version 8.0.21.0002 **Description** An issue was discovered that allows enabling or disabling defensive capabilities by sending a crafted message to a named pipe. **Recommendations** For WatchGuard EPDR version 8.0.21.0002, as a temporary workaround, consider restricting access to the named pipe until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WatchGuard EPDR version 8.0.21.0002 **Description** An issue was discovered due to a weak implementation of a password check, making it possible to obtain credentials to access the management console as a non-privileged user. **Recommendations** For WatchGuard EPDR version 8.0.21.0002, consider restricting access to the management console until a fix is available. As a temporary workaround, limit the privileges of non-privileged users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WatchGuard EPDR version 8.0.21.0002 **Description** The issue is related to insufficient access control in the Protection Agent component of WatchGuard Endpoint Protection, Detection and Response (EPDR) and Panda Adaptive Defense 360 (Panda AD360). Exploitation of this issue can allow an attacker to elevate privileges by sending specially crafted messages to a named pipe. This can lead to Local Privilege Escalation on Windows. **Recommendations** For WatchGuard EPDR version 8.0.21.0002, consider restricting access to the named pipe to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable message handling functionality between WatchGuard EPDR processes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.