WatchGuard, Panda Security Products: Code Execution Vulnerabilities Uncovered

January 29, 2024

TLDR:

  • WatchGuard and Panda Security products contain vulnerabilities that could lead to code execution with SYSTEM privileges.
  • Cybersecurity firm Sophos identified the vulnerabilities in the Panda Kernel Memory Access driver that is installed alongside the affected products.
  • The vulnerabilities, CVE-2023-6330 and CVE-2023-6331, could cause denial of service (DoS) conditions or allow attackers to execute arbitrary code.
  • Both vulnerabilities require an attacker to be authenticated with administrative privileges to exploit them.

Two memory safety vulnerabilities have been discovered in WatchGuard and Panda Security products, both of which could allow attackers to execute arbitrary code with SYSTEM privileges. The vulnerabilities were identified in the Panda Kernel Memory Access driver, which is installed alongside WatchGuard EPDR, Panda AD360, and Panda Dome for Windows. The first, tracked as CVE-2023-6330, is a memory pool overflow defect that allows an attacker to overflow the allocated kernel memory. The second, CVE-2023-6331, is an out-of-bounds write issue that leads to a kernel memory overflow. The impact of both vulnerabilities is mitigated by the fact that an attacker must be authenticated with administrative privileges to exploit them.
