CVE-2024-58315

Tosibox Key Service 3.3.0 Local Privilege Escalation via Unquoted Service Path

CVSS 8.5 HIGHEPSS 0.2%CWE-428

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

30 dez 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious code in the system root path, enabling unauthorized code execution during application startup or system reboot.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

Tosibox Oy · Tosibox Key Service

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://packetstormsecurity.com/files/177260/https://www.tosi.net/https://www.vulncheck.com/advisories/tosibox-key-service-local-privilege-escalation-via-unquoted-service-path https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5812.php