Xavier Danest

**Name of the Vulnerable Software and Affected Versions** vcpkg versions prior to 3.6.1#3 **Description** vcpkg, a C/C++ package manager, exhibited a configuration issue in its Windows builds of OpenSSL. Specifically, the `openssldir` setting was configured to a path on the build machine. This configuration could potentially allow for attacks on customer machines. The issue was addressed with version 3.6.1#3. **Recommendations** Update to vcpkg version 3.6.1#3 or later.

**Name of the Vulnerable Software and Affected Versions** Soda PDF Desktop (affected versions not specified) **Description** A local privilege escalation issue exists in Soda PDF Desktop due to an uncontrolled search path element. This allows for potential exploitation, leading to privilege escalation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PDFsam Enhanced (affected versions not specified) **Description** A local privilege escalation issue exists in PDFsam Enhanced. A physically-present attacker can exploit this by mounting a malicious drive onto the target system and leveraging a flaw in the OpenSSL configuration, specifically how the product loads an OpenSSL configuration file from an unsecured location. Successful exploitation allows an attacker to escalate privileges and execute arbitrary code with SYSTEM-level privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Action1 (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the configuration of OpenSSL, where the product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this issue to escalate privileges and execute arbitrary code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) **Description** The issue is related to an uncontrolled search path vulnerability in the Data Loss Prevention module, which could allow an attacker to inject malicious code. This could lead to arbitrary code execution on affected installations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Famatech Advanced IP Scanner versions prior to 2.5.4594.1 **Description** This issue allows local attackers to gain elevated privileges on systems running Famatech Advanced IP Scanner. An attacker must first have the ability to execute code with limited privileges on the target system. The root cause is the application's insecure handling of Qt plugins, specifically loading them from an unsecured location. An attacker can exploit this by pre-staging a malicious plugin in the search path, which the application then loads with administrator privileges when executed. The vulnerability is related to unsafe Qt plugin search paths and is identified as CWE-427. **Recommendations** Versions prior to 2.5.4594.1 should be updated to a newer version.

**Name of the Vulnerable Software and Affected Versions** FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) **Description** A misconfiguration in lmadmin.exe allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL with elevated privileges. This issue is related to an uncontrolled search path element, which can be exploited to elevate privileges and execute arbitrary code. **Recommendations** For FlexNet Publisher versions prior to 2024 R1 (11.19.6.0), consider disabling the lmadmin.exe service or restricting access to the directory where the openssl.conf file is loaded until a patch is available. As a temporary workaround, avoid using the lmadmin.exe service until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenable Nessus (affected versions not specified) **Description** A low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 3CX (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the configuration of OpenSSL, where the product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this issue to escalate privileges and execute arbitrary code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** D-Link Network Assistant (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system. The specific flaw exists within the DNACore service, which loads a file from an unsecured location, allowing an attacker to leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windscribe (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the configuration of OpenSSL, where the product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this issue to escalate privileges and execute arbitrary code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Trend Micro HouseCall versions 1.62.1.1133 and below **Description** The issue is related to incorrect permission assignment, which could allow a local attacker to escalate privileges due to an overly permissive folder in the product installer. This could potentially enable a remote attacker to elevate their privileges. **Recommendations** For Trend Micro HouseCall versions 1.62.1.1133 and below, consider restricting access to the overly permissive folder in the product installer as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Parallels Access Agent version 6.5.3 (39313) **Description** This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the Dispatcher service, which loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this issue to escalate privileges and execute arbitrary code in the context of SYSTEM. **Recommendations** For Parallels Access Agent version 6.5.3 (39313), consider disabling the Dispatcher service as a temporary workaround until a patch is available. Restrict access to the unsecured location where the OpenSSL configuration file is loaded to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Parallels Access version 6.5.4 (39316) Agent **Description** This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the Desktop Control Agent service, which loads Qt plugins from an unsecured location. An attacker can leverage this issue to escalate privileges and execute arbitrary code in the context of SYSTEM. **Recommendations** For Parallels Access version 6.5.4 (39316) Agent, consider disabling the Desktop Control Agent service until a patch is available to prevent exploitation. Restrict access to the Qt plugins loaded by the service to minimize the risk of escalation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks Cortex XDR agent versions prior to content update 330 **Description** A local privilege escalation issue exists in the Palo Alto Networks Cortex XDR agent software on Windows, allowing an authenticated local user with file creation privilege in the Windows root directory to execute a program with elevated privileges. **Recommendations** For versions prior to content update 330, apply a content update of version 330 or later to resolve the issue. As a temporary workaround, consider restricting file creation privileges in the Windows root directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Omniverse Nucleus and Cache (affected versions not specified) **Description** The issue is related to a vulnerability in the configuration of OpenSSL in NVIDIA Omniverse Nucleus and Cache. An attacker with physical access to the system can cause arbitrary code execution, which can impact confidentiality, integrity, and availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro HouseCall for Home Networks (affected versions not specified) **Description** The issue is related to an Uncontrolled Search Path Element Privilege Escalation. No further details are provided about the estimated number of potentially affected devices or real-world incidents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks Cortex XDR agent versions prior to 5.0.12 Palo Alto Networks Cortex XDR agent versions prior to 6.1.9 **Description** A local privilege escalation issue exists in the Palo Alto Networks Cortex XDR agent, allowing an authenticated local user to execute programs with elevated privileges. **Recommendations** For versions prior to 5.0.12, update to version 5.0.12 or later. For versions prior to 6.1.9, update to version 6.1.9 or later.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified) **Description** An uncontrolled search path element issue could allow a local attacker to escalate privileges on affected installations. The attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified) **Description** An uncontrolled search path element vulnerability could allow a local attacker to escalate privileges on affected installations. The attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.