CVE-2024-7248 – This vulnerability in Comodo Internet Security ... (How to Fix)

Q: What is the severity of CVE-2024-7248?

CVE-2024-7248 has a CVSS score of 7.8 (HIGH). This vulnerability in Comodo Internet Security Pro allows local attackers to escalate privileges from low-privileged user accounts to SYSTEM level by exploiting a directory traversal flaw in the update mechanism. Attackers must first gain execution capability on the target system. Only users running Comodo Internet Security Pro are affected.

📋 TL;DR

This vulnerability in Comodo Internet Security Pro allows local attackers to escalate privileges from low-privileged user accounts to SYSTEM level by exploiting a directory traversal flaw in the update mechanism. Attackers must first gain execution capability on the target system. Only users running Comodo Internet Security Pro are affected.

💻 Affected Systems

Products:

Comodo Internet Security Pro

Versions: Specific versions not publicly detailed in references; likely recent versions prior to patch

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Requires Comodo Internet Security Pro installation with vulnerable update mechanism. Standard user access needed initially.

📦 What is this software?

Internet Security by Comodo

View all CVEs affecting Internet Security →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full SYSTEM compromise allowing complete control of the system, installation of persistent malware, credential theft, and lateral movement across the network.

🟠

Likely Case

Local privilege escalation from standard user to SYSTEM, enabling installation of additional malware, disabling security controls, and persistence mechanisms.

🟢

If Mitigated

Limited impact if proper endpoint protection, least privilege principles, and application control are implemented, though the vulnerability still exists.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring initial access to the system.

🏢 Internal Only: HIGH - Once an attacker gains initial access (via phishing, malware, etc.), they can exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local access and ability to execute code. The directory traversal flaw suggests straightforward exploitation once initial access is achieved.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in references; check Comodo advisory for exact version

Vendor Advisory: Not provided in references; check Comodo security advisories

Restart Required: Yes

Instructions:

1. Open Comodo Internet Security Pro. 2. Navigate to Settings/Update. 3. Check for and apply available updates. 4. Restart the system to ensure patch is fully applied.

🔧 Temporary Workarounds

Restrict local user privileges

windows

Implement least privilege principles to limit initial attack surface

Disable unnecessary Comodo services

windows

Temporarily disable Comodo update service if not critically needed

sc stop "Comodo Update Service"
sc config "Comodo Update Service" start= disabled

🧯 If You Can't Patch

Remove Comodo Internet Security Pro and replace with alternative security solution
Implement application control policies to block execution of suspicious processes

🔍 How to Verify

Check if Vulnerable:

Check Comodo Internet Security Pro version and compare against patched versions in vendor advisory

Check Version:

Open Comodo Internet Security Pro → Help → About

Verify Fix Applied:

Verify Comodo is updated to latest version and attempt to reproduce directory traversal (not recommended in production)

📡 Detection & Monitoring

Log Indicators:

Unusual file operations in Comodo update directories
Process creation with SYSTEM privileges from user accounts
Directory traversal patterns in file paths

Network Indicators:

Unusual outbound connections from Comodo update processes

SIEM Query:

Process creation where parent_process contains 'comodo' and user changes from standard user to SYSTEM

📊 Metadata

CVE ID: CVE-2024-7248

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-22

Published: July 29, 2024

Last Updated: November 21, 2024

🔗 References

https://www.zerodayinitiative.com/advisories/ZDI-24-953/ Third Party Advisory,VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-24-953/ Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-7248, you might also want to check these: