CVE-2024-4454

CVE Database · CVE-2024-4454

CVE-2024-4454

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

0.40%

Published

May 22, 2024

Modified

Aug 14, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23035.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-59

Affected Products (5)

withsecure · client_securityvulnerable

withsecure · elements_endpoint_protectionvulnerable

withsecure · email_and_server_securityvulnerable

withsecure · server_securityvulnerable

microsoft · windows

References (2)

https://www.zerodayinitiative.com/advisories/ZDI-24-491/

Third Party Advisory

https://www.zerodayinitiative.com/advisories/ZDI-24-491/

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs