Security Update: Privilege Escalation

This document details a privilege escalation vulnerability identified in the Vulnerability Manager Plus Agent.

Severity: High

Attack Vector: Local

Fixed Build: Fix is released via vulnerability database sync to all build versions.

Release Date: 7th November 2024

Reported by: Bharathsur97 via ZohoCorp Bug Bounty Program

What was the problem?

Under certain conditions, a standard user could place an executable file in a specific directory. During the scan, this file could be executed with system privileges.

How to fix it?

• The fix for this issue will be automatically applied during the vulnerability database sync.

To ensure the fix is applied:

• Verify that the last Vulnerability Database sync occurred after 7th November 2024.

If you have any questions or need assistance verifying your environment, please contact our support team.