CVE-2022-39959

HIGH

Panini Everest Engine 2.0.4 - Unquoted Search Path Privilege Escalation via Everest.exe

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-39959. PoCs published by usmarine2141.

AI-analyzed exploit summary The repository describes a local privilege escalation (LPE) vulnerability in Panini Everest Engine 2.0.4 due to an unquoted service path. An attacker can exploit this by placing a malicious executable in the unquoted path, which gets executed with SYSTEM privileges upon service restart or system reboot.

Description

Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%\Panini\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file.

Exploits (1)

nomisec WRITEUP 1 stars
by usmarine2141 · poc
https://github.com/usmarine2141/CVE-2022-39959

The repository describes a local privilege escalation (LPE) vulnerability in Panini Everest Engine 2.0.4 due to an unquoted service path. An attacker can exploit this by placing a malicious executable in the unquoted path, which gets executed with SYSTEM privileges upon service restart or system reboot.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Panini Everest Engine 2.0.4
Auth required
Prerequisites: Local access to the system · Ability to write to %PROGRAMDATA%\Panini
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.8
EPSS 0.0058
EPSS Percentile 42.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-428
Status published
Products (1)
panini/everest_engine 2.0.4
Published Oct 07, 2022
Tracked Since Feb 18, 2026