CVE-2022-39959
Published: 07 October 2022
Summary
CVE-2022-39959 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Panini Everest Engine. Its CVSS base score is 7.8 (High).
Operationally, ranked in the top 33.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other AI Platforms.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-42403
Vulnerability details
Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a Trojan horse…
more
%PROGRAMDATA%\Panini\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: trojan
Related Threats
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.