CVE-2018-6322 in Global Protection

Summary

by MITRE

Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group.

Analysis

by VulDB Data Team • 01/12/2020

CVE-2018-6322 represents a critical privilege escalation vulnerability affecting Panda Global Protection version 17.0.1 that stems from the insecure creation of named pipes within the Windows operating system. This vulnerability specifically targets the PSANMSrvcPpal named pipe which is used by the Panda Security service for communication purposes. The flaw occurs when the application creates named pipes without proper access control mechanisms, allowing local attackers to impersonate the pipe and gain unauthorized access to system resources. The vulnerability is categorized under CWE-276 as "Insecure Default Permissions" and falls within the broader category of privilege escalation flaws that can be exploited by attackers with local system access. The insecurely created named pipe provides full access to the Everyone users group, effectively granting any local user the ability to execute arbitrary code with elevated privileges.

The technical exploitation of this vulnerability involves the attacker creating a malicious named pipe with the same name as the vulnerable PSANMSrvcPpal pipe, thereby intercepting communication between legitimate processes and the Panda Security service. This man-in-the-middle approach allows the attacker to manipulate service communications and potentially execute malicious code with the privileges of the Panda Security service account. The vulnerability exists because the application does not properly validate or secure the named pipe creation process, failing to implement proper access control lists or security descriptors that would normally restrict pipe access to authorized processes only. This flaw directly impacts the Windows security model by bypassing the standard access control mechanisms that should prevent unauthorized access to system resources.

The operational impact of CVE-2018-6322 extends beyond simple privilege escalation to include potential denial of service conditions and full system compromise. Local users who exploit this vulnerability can gain access to sensitive system information, modify security settings, and potentially establish persistence mechanisms within the compromised system. The vulnerability affects organizations that deploy Panda Global Protection 17.0.1 as it provides attackers with a straightforward method to elevate their privileges from standard user level to system level access. This makes the vulnerability particularly dangerous in enterprise environments where multiple users may have local access to systems running the vulnerable software. The exploitability of this vulnerability is high due to the minimal privileges required for exploitation and the significant impact of successful attacks.

Organizations should implement immediate mitigations including updating to the latest version of Panda Global Protection that addresses this vulnerability, applying the vendor-provided security patches, and implementing proper access control measures for named pipes. System administrators should also consider monitoring for unauthorized pipe creation activities and implementing network segmentation to limit local access to critical systems. The vulnerability aligns with ATT&CK technique T1068 which describes "Local Port Scan" and T1059 which covers "Command and Scripting Interpreter" as attackers may use this vulnerability to execute malicious commands with elevated privileges. Additionally, organizations should conduct regular security assessments to identify other insecurely created named pipes and ensure that proper security descriptors are implemented for all system resources. The vulnerability demonstrates the importance of proper privilege separation and access control implementation in security software to prevent attackers from exploiting design flaws in system components.
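
One way to carry out the named-pipe assessment recommended above, as an added example (not VulDB's or the vendor's code): a Python check that takes each pipe's security descriptor in SDDL form and flags allow-ACEs that give broad groups full control, DACL or owner write access, or the right to create pipe instances. The SDDL strings are constructed samples, and collecting descriptors from a live host is assumed to happen separately.

```python
import re

# Access-mask bits relevant to a named pipe (Windows SDK values).
FILE_CREATE_PIPE_INSTANCE, WRITE_DAC, WRITE_OWNER = 0x4, 0x40000, 0x80000
FILE_ALL_ACCESS, GENERIC_ALL, GENERIC_WRITE = 0x1F01FF, 0x10000000, 0x40000000

# SDDL two-letter rights -> mask (subset seen in file/pipe DACLs).
RIGHTS = {"FA": FILE_ALL_ACCESS, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0,
          "GA": GENERIC_ALL, "GW": GENERIC_WRITE, "GR": 0x80000000,
          "GX": 0x20000000, "WD": WRITE_DAC, "WO": WRITE_OWNER}
# SDDL trustees that cover every local user.
BROAD = {"WD": "Everyone", "S-1-1-0": "Everyone", "AU": "Authenticated Users",
         "BU": "BUILTIN\\Users", "IU": "INTERACTIVE", "AN": "Anonymous"}

def rights_to_mask(rights):
    """Convert an SDDL rights field (hex mask or two-letter codes) to an int."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in re.findall("..", rights):
        mask |= RIGHTS.get(code, 0)
    return mask

def audit_pipe_sddl(sddl):
    """Return [(trustee, problem)] for DACL allow-ACEs open to all local users."""
    dacl = re.search(r"D:[^()]*((?:\([^)]*\))*)", sddl)
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A" or fields[5] not in BROAD:
            continue                         # malformed, non-allow, or narrow trustee
        mask, who = rights_to_mask(fields[2]), BROAD[fields[5]]
        if mask & GENERIC_ALL or (mask & FILE_ALL_ACCESS) == FILE_ALL_ACCESS:
            findings.append((who, "full control"))
        elif mask & (WRITE_DAC | WRITE_OWNER):
            findings.append((who, "can rewrite DACL or owner"))
        elif mask & (FILE_CREATE_PIPE_INSTANCE | GENERIC_WRITE):
            findings.append((who, "can create pipe instances"))
    return findings

# Constructed samples; the first models the page's "full access to Everyone".
SAMPLES = {
    "PSANMSrvcPpal": "O:SYG:SYD:(A;;FA;;;WD)(A;;FA;;;SY)",
    "hardened": "O:SYG:SYD:(A;;FA;;;SY)(A;;FA;;;BA)(A;;0x12019b;;;AU)",
    "writable": "O:SYG:SYD:(A;;FRFW;;;BU)"}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, audit_pipe_sddl(sddl) or "ok")
```

The "writable" sample shows why file-style write grants are risky on pipes: FILE_GENERIC_WRITE includes the FILE_APPEND_DATA bit, which on a pipe is FILE_CREATE_PIPE_INSTANCE, while the "hardened" mask 0x12019b grants read and write without it.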

Reservation: 01/26/2018
Disclosure: 03/12/2018
Moderation: accepted
CPE: ready
EPSS: 0.00042
KEV: no
Activities: very low
