CVE-2024-27359
📋 TL;DR
This vulnerability allows an attacker to cause a denial of service by sending a specially crafted archive file that triggers an infinite loop in the WithSecure engine scanner. This affects multiple WithSecure security products across Windows, Mac, and Linux platforms.
💻 Affected Systems
- WithSecure Client Security 15
- WithSecure Server Security 15
- WithSecure Email and Server Security 15
- WithSecure Elements Endpoint Protection 17 and later
- WithSecure Client Security for Mac 15
- WithSecure Elements Endpoint Protection for Mac 17 and later
- WithSecure Linux Security 64 12.0
- WithSecure Linux Protection 12.0
- WithSecure Atlant 1.0.35-1
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system unavailability due to resource exhaustion from the infinite loop, potentially requiring a system reboot and disrupting security monitoring.
Likely Case
Temporary service disruption of the security product, leaving systems unprotected until service restart.
If Mitigated
Minimal impact with proper network filtering and updated antivirus definitions that detect malicious archives.
🎯 Exploit Status
Exploitation requires delivering a malicious archive file to trigger scanning.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched versions
Vendor Advisory: https://www.withsecure.com/en/support/security-advisories/cve-2034-n1
Restart Required: Yes
Instructions:
1. Check the vendor advisory for patched versions.
2. Update affected WithSecure products to the latest version.
3. Restart systems/services as required.
🔧 Temporary Workarounds
Disable archive scanning (all platforms)
Temporarily disable scanning of archive files in WithSecure products
Network filtering (all platforms)
Block suspicious archive files at the network perimeter
🧯 If You Can't Patch
- Implement strict file upload controls and scanning at network perimeter
- Monitor for high CPU usage by WithSecure processes indicating potential exploitation
🔍 How to Verify
Check if Vulnerable:
Check installed WithSecure product version against affected versions list
Check Version:
Check within WithSecure product interface or consult vendor documentation
Verify Fix Applied:
Verify product version is updated beyond vulnerable versions and test with known safe archive files
📡 Detection & Monitoring
Log Indicators:
- High CPU usage by WithSecure processes
- Repeated archive scanning errors
- Process hangs/crashes
Network Indicators:
- Unusual archive file transfers to protected systems
SIEM Query:
Process:CPU_Usage > 90% AND Process_Name:WithSecure*
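The SIEM query above fires on a single sample; a hung scanner is better distinguished from a normal heavy scan by requiring the CPU condition to hold across several consecutive samples. The following script is an added example, not part of the advisory or any WithSecure tooling, and assumes a constructed sample format of `<timestamp> <pid> <process_name> <cpu_percent>` taken at a fixed interval:

```python
import re
from collections import defaultdict

# Constructed process samples (not from the page or any real host), one per
# line: <timestamp> <pid> <process_name> <cpu_percent>, taken every 30 s.
SAMPLES = """\
2024-03-01T10:00:00 4120 WithSecureScanner 95.0
2024-03-01T10:00:00 4300 WithSecureUI 95.0
2024-03-01T10:00:00 2210 chrome 99.0
2024-03-01T10:00:30 4120 WithSecureScanner 97.0
2024-03-01T10:00:30 4300 WithSecureUI 4.0
2024-03-01T10:00:30 2210 chrome 98.0
2024-03-01T10:01:00 4120 WithSecureScanner 99.0
2024-03-01T10:01:00 4300 WithSecureUI 3.0
2024-03-01T10:01:00 2210 chrome 97.0
2024-03-01T10:01:30 4120 WithSecureScanner 98.0
2024-03-01T10:01:30 4300 WithSecureUI 2.0
2024-03-01T10:01:30 2210 chrome 99.0
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+([0-9.]+)$")


def parse_samples(text):
    """Return (timestamp, pid, name, cpu) tuples; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, pid, name, cpu = m.groups()
            rows.append((ts, int(pid), name, float(cpu)))
    return rows


def find_stuck_scanners(rows, name_prefix="WithSecure", cpu_threshold=90.0, min_consecutive=3):
    """Flag processes whose name starts with name_prefix and whose CPU stays above
    cpu_threshold for at least min_consecutive consecutive samples (a single spike,
    like WithSecureUI here, is not reported). Returns {pid: (name, longest_run)}."""
    rows = sorted(rows, key=lambda r: r[0])  # stable sort keeps samples in time order
    run = defaultdict(int)      # current run of samples above threshold, per pid
    longest = defaultdict(int)  # longest such run seen, per pid
    names = {}
    for _ts, pid, name, cpu in rows:
        if not name.startswith(name_prefix):
            continue  # same filter as the SIEM query's Process_Name:WithSecure*
        names[pid] = name
        run[pid] = run[pid] + 1 if cpu > cpu_threshold else 0
        longest[pid] = max(longest[pid], run[pid])
    return {pid: (names[pid], n) for pid, n in longest.items() if n >= min_consecutive}


if __name__ == "__main__":
    for pid, (name, n) in find_stuck_scanners(parse_samples(SAMPLES)).items():
        print(f"ALERT pid={pid} {name} above 90% CPU for {n} consecutive samples")
```

On the constructed data only the scanner process (pid 4120) is reported, since it stays above 90% for all four samples while the UI process spikes once and drops.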