admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-05 18:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-40872.md

18 lines
1.1 KiB
Markdown
Raw Normal View History

Update CVE sources 2024-08-25 17:33
2024-08-25 17:33:10 +00:00
### [CVE-2024-40872](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40872)
![](https://img.shields.io/static/v1?label=Product&message=Secure%20Access&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%2013.07%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-822%20Untrusted%20Pointer%20Dereference&color=brighgreen)
### Description
There is an elevation of privilege vulnerability in serverand client components of Absolute Secure Access prior to version 13.07.Attackers with local access and valid desktop user credentials can elevatetheir privilege to system level by passing invalid address data to the vulnerablecomponent. This could be used tomanipulate process tokens to elevate the privilege of a normal process toSystem. The scope is changed, the impact to system confidentiality andintegrity is high, the impact to the availability of the effected component isnone.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc
Reference in New Issue Copy Permalink