CVE-2024-40872
CVE-2024-40872
Título es
CVE-2024-40872
Jue, 25/07/2024 – 17:15
Tipo
CWE-822
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-40872
Descripción en
There is an elevation of privilege vulnerability in server
and client components of Absolute Secure Access prior to version 13.07.
Attackers with local access and valid desktop user credentials can elevate
their privilege to system level by passing invalid address data to the vulnerable
component. This could be used to
manipulate process tokens to elevate the privilege of a normal process to
System. The scope is changed, the impact to system confidentiality and
integrity is high, the impact to the availability of the effected component is
none.
and client components of Absolute Secure Access prior to version 13.07.
Attackers with local access and valid desktop user credentials can elevate
their privilege to system level by passing invalid address data to the vulnerable
component. This could be used to
manipulate process tokens to elevate the privilege of a normal process to
System. The scope is changed, the impact to system confidentiality and
integrity is high, the impact to the availability of the effected component is
none.
25/07/2024
25/07/2024
Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Gravedad 3.1 (CVSS 3.1 Base Score)
8.40
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH
Enviar en el boletín
Off
