Insecure Permissions Lead to Local Privilege Escalation
CVE-2024-10251
7.8HIGH
Summary
An identified vulnerability in Ivanti Security Controls allows local authenticated attackers to exploit insecure permissions found in earlier versions. This design flaw prior to 2024.4.1 can enable attackers to escalate their privileges, potentially compromising the integrity of the affected systems. Organizations using these versions are urged to evaluate their security posture and consider mitigation strategies.
Affected Version(s)
Security Controls 2024.4.1
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved