PT-2024-23334 · Qt Company+1 · Qt+1
Xavier Danest · Published 2024-06-13 · Updated 2026-01-10 · CVE-2024-30376
CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Famatech Advanced IP Scanner versions prior to 2.5.4594.1
Description
This issue allows local attackers to gain elevated privileges on systems running Famatech Advanced IP Scanner. An attacker must first have the ability to execute code with limited privileges on the target system. The root cause is the application's insecure handling of Qt plugins, specifically loading them from an unsecured location. An attacker can exploit this by pre-staging a malicious plugin in the search path, which the application then loads with administrator privileges when executed. The vulnerability is related to unsafe Qt plugin search paths and is identified as CWE-427.
Recommendations
Versions prior to 2.5.4594.1 should be updated to a newer version.
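The following PowerShell audit is an added example, not code from the vendor or the advisory. It reports ACL entries that would let a non-administrator place files in a directory a privileged process searches for plugins. The function name `Get-WritableSearchPathAce` and the sample path are assumptions made for illustration; the advisory does not name the affected directory.

```powershell
# Added example: list ACL entries that let non-administrators stage files in a
# directory that a privileged process searches for plugins.
function Get-WritableSearchPathAce {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string[]]$Path)

    # Well-known SIDs expected to hold write access: SYSTEM, Administrators,
    # TrustedInstaller. Every other principal is reported.
    $trusted = @(
        'S-1-5-18',
        'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )
    # Rights that allow adding a file or taking control of the directory.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories, ChangePermissions, TakeOwnership'
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType = [System.Security.Principal.SecurityIdentifier]

    foreach ($dir in $Path) {
        # A directory that does not exist yet can be created by anyone who may
        # write to its nearest existing ancestor, so audit that ancestor.
        $target = $dir
        while ($target -and -not (Test-Path -LiteralPath $target)) {
            $target = Split-Path -Path $target -Parent
        }
        if (-not $target) { continue }

        $acl = Get-Acl -LiteralPath $target
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($ace.PropagationFlags.HasFlag($inheritOnly)) { continue }  # applies to children only
            if ($trusted -contains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
            [pscustomobject]@{
                SearchPath = $dir
                AuditedDir = $target
                Sid        = $ace.IdentityReference.Value
                Rights     = $ace.FileSystemRights
                Inherited  = $ace.IsInherited
            }
        }
    }
}

# Constructed placeholder path; substitute the directories the installed
# application actually searches.
Get-WritableSearchPathAce -Path 'C:\ExamplePrefix\plugins' | Format-Table -AutoSize
```

Any row returned identifies a principal outside the trusted set that can write to the audited directory; an empty result means only SYSTEM, Administrators and TrustedInstaller hold those rights.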
Fix
LPE
Uncontrolled Search Path Element
Weakness Enumeration
Related Identifiers
Affected Products
Famatech Advanced IP Scanner
Qt