WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability
Description
WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part of an administrator is required to exploit this vulnerability.
The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23035.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
WithSecure Elements Endpoint Protection contains a local privilege escalation vulnerability via a symbolic link in its plugin hosting service, allowing SYSTEM-level code execution.
Vulnerability
A local privilege escalation vulnerability exists in WithSecure Elements Endpoint Protection (CVE-2024-4454). The specific flaw resides in the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. Affected versions are not explicitly listed in the available references, but the advisory covers the product line up to the publication date of May 22, 2024 [1].
Exploitation
The attack is local and requires low privileges, but user interaction from an administrator is necessary to trigger the vulnerability. The attacker must first create a symbolic link, then convince an administrator to perform an action that causes the plugin hosting service to process the link. The exact sequence of steps is not detailed in the references, but the symbolic link manipulation leads to file creation by the service [1].
Impact
Successful exploitation allows the attacker to escalate privileges and execute arbitrary code in the context of SYSTEM, granting full control over the affected system. The impact compromises confidentiality, integrity, and availability [1].
Mitigation
As of the publication date, no patch or specific mitigation is disclosed in the available references. Users are advised to follow vendor advisories and apply updates when released. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog at this time [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- WithSecure/Elements v5, Range: 23.9
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
[1] www.zerodayinitiative.com/advisories/ZDI-24-491/ (mitre, x_research-advisory)