CVE-2016-3943

HIGH

Panda Endpoint Administration Agent <7.50.00 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-3943. PoCs published by Kyriakos Economou.

AI-analyzed exploit summary This is a vulnerability writeup describing a privilege escalation flaw in Panda Endpoint Administration Agent due to weak ACLs on the installation directory, allowing any local user to overwrite executables and gain SYSTEM privileges.

Description

Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module.

Exploits (1)

exploitdb WRITEUP

by Kyriakos Economou · textlocalwindows

https://www.exploit-db.com/exploits/39671

View Code ZIP pw:eip

This is a vulnerability writeup describing a privilege escalation flaw in Panda Endpoint Administration Agent due to weak ACLs on the installation directory, allowing any local user to overwrite executables and gain SYSTEM privileges.

Classification

Writeup 100%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Panda Endpoint Administration Agent < v7.50.00

No auth needed

Prerequisites: Local access to the vulnerable system · Weak ACLs on 'C:\Program Files\Panda Security\WaAgent'

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1574.001 - DLL

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/39671/

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2016/Apr/24

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/136606/Panda-Endpoint-Administration-Agent-Privilege-Escalation.html

Scores

CVSS v3 7.8

EPSS 0.0119

EPSS Percentile 64.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-276

Status published

Products (1)

watchguard/panda_endpoint_administration_agent < 7.49

Published Apr 18, 2016

Tracked Since Feb 18, 2026