WatchGuard, Panda Security Products: Code Execution Vulnerabilities Uncovered

January 29, 2024
1 min read

TLDR:

  • WatchGuard and Panda Security products have been found to have vulnerabilities that could lead to code execution with system privileges.
  • Cybersecurity firm Sophos identified the vulnerabilities in the Panda Kernel Memory Access driver that is installed alongside the affected products.
  • The vulnerabilities, CVE-2023-6330 and CVE-2023-6331, could cause denial of service (DoS) conditions or allow attackers to execute arbitrary code.
  • Both vulnerabilities require an attacker to be authenticated with administrative privileges to exploit them.

Two memory safety vulnerabilities have been discovered in WatchGuard and Panda Security products, both of which could lead to attackers executing arbitrary code with System privileges. The vulnerabilities were identified in the Panda Kernel Memory Access driver that is installed alongside WatchGuard EPDR, Panda AD360, and Panda Dome for Windows. One vulnerability, known as CVE-2023-6330, is a memory pool overflow defect that allows an attacker to overflow the allocated kernel memory. The other vulnerability, CVE-2023-6331, is an out-of-bounds write issue that leads to a kernel memory overflow. The impact of both vulnerabilities is mitigated by the fact that an attacker needs to be authenticated with administrative privileges to exploit them.

Latest from Blog

Top CISA official looks back on four years of cyber work

TLDR: Eric Goldstein, a top official at CISA, reflects on progress made in cybersecurity during his tenure. Key achievements include understanding cyber risks, collaboration with industry, and encouraging secure product development. Eric

Juggling AI cybersecurity highs and lows

TLDR: At the 2024 MIT Sloan CIO Symposium, industry leaders discussed the challenge of balancing AI’s benefits with its security risks, particularly focusing on generative AI. While generative AI can bring benefits

Get your free Cyber Security eBook now Valued at $169

“`html TLDR: Key Points: Claim your complimentary eBook worth $169 for free before May 22. The eBook covers practical applications of cyber security and network security for professionals, engineers, scientists, and students.