There is an elevation of privilege vulnerability in server
and client components of Absolute Secure Access prior to version 13.07.
Attackers with local access and valid desktop user credentials can elevate
their privilege to system level by passing invalid address data to the vulnerable
component. This could be used to
manipulate process tokens to elevate the privilege of a normal process to
System. The scope is changed, the impact to system confidentiality and
integrity is high, the impact to the availability of the effected component is
none.
References
Configurations
No configuration.
History
26 Jul 2024, 12:38
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Jul 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-25 17:15
Updated : 2024-07-26 12:38
NVD link : CVE-2024-40872
Mitre link : CVE-2024-40872
CVE.ORG link : CVE-2024-40872
JSON object : View
Products Affected
No product.
CWE
CWE-822
Untrusted Pointer Dereference