PT-2021-20801 · Panda Security · Panda Security Free Antivirus
Izobashi +1 · Published 2021-11-29 · Updated 2022-01-20 · CVE-2021-34998
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Panda Security Free Antivirus version 20.2.0.0
Description:
This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the use of named pipes, where an untrusted process can impersonate the client of a pipe. This can be leveraged to escalate privileges and execute arbitrary code in the context of SYSTEM.
Recommendations:
For Panda Security Free Antivirus version 20.2.0.0, consider restricting access to named pipes to prevent untrusted processes from impersonating the client of a pipe until a patch is available. As a temporary workaround, limiting the ability of low-privileged code to execute on the target system can also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Improper Privilege Management
Affected Products
Panda Security Free Antivirus