cve/2024/CVE-2024-9875.md
2025-09-29 16:08:36 +00:00

### [CVE-2024-9875](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9875)
![](https://img.shields.io/static/v1?label=Product&message=Okta%20Privileged%20Access%20Server%20Agent%20(SFTD)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1.82.0%3C%201.84.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
### Description
Okta Privileged Access server agent (SFTD) versions 1.82.0 to 1.84.0 are affected by a privilege escalation vulnerability when the sudo command bundles feature is enabled. To remediate this vulnerability, upgrade the Okta Privileged Access server agent (SFTD) to version 1.87.1 or greater.
### POC
#### Reference
- https://help.okta.com/asa/en-us/content/topics/releasenotes/advanced-server-access-release-notes.htm
#### Github
No PoCs found on GitHub currently.