CVE-2024-58315

Опубликовано: 30 дек. 2025

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious code in the system root path, enabling unauthorized code execution during application startup or system reboot.

Ссылки

https://packetstormsecurity.com/files/177260/
Third Party Advisory
https://www.tosi.net/
Product
https://www.vulncheck.com/advisories/tosibox-key-service-local-privilege-escalation-via-unquoted-service-path
Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5812.php
Exploit
Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5812.php
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:tosi:tosibox_key:*:*:*:*:*:*:*:*

Версия до 3.3.0 (включая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 1%

0.00012

Низкий

7.8 High

CVSS3

Дефекты

CWE-428

Связанные уязвимости

GHSA-jv66-87h9-r6q4

CVSS3: 8.4

github

около 1 месяца назад