Remote Code Execution Vulnerability in Delinea Secret Server
CVE-2024-12908
What is CVE-2024-12908?
CVE-2024-12908 is a remote code execution vulnerability in Delinea Secret Server, a product for the secure storage and management of sensitive information such as passwords and documents. If exploited, the flaw may allow an attacker to execute arbitrary code on a user's machine by luring that user into interacting with a malicious web page or document. This is a serious threat to organizations that rely on Secret Server for critical security operations, since it can lead to unauthorized access to sensitive information and systems.
Technical Details
The vulnerability lies in the protocol handler shipped with Secret Server version 11.7.31 (protocol handler version 6.0.3.26). The handler compared URIs against its approved list before normalizing and canonicalizing them. Because the comparison ran on the raw URI text, a URI could match an approved entry as a string yet differ from it once normalized and canonicalized, so the approved list matched more URIs than intended (over-matching). An attacker could exploit this by having a user interact with malicious web content or a malicious document. As part of the fix, Delinea added validation to its installer batch files.
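The bug class the advisory names, an allowlist check that compares the raw URI before normalization and canonicalization, is easy to see in a few lines. The following is an added example written for this page, not Delinea's protocol handler code; the origin allowlist, the sample URIs and the two over-match shapes shown (a host-suffix trick and a userinfo trick) are constructed illustrations of the general pattern, not the specific trigger for CVE-2024-12908. The hardened check canonicalizes first, compares the canonical origin exactly, and then hands back the same canonical form it checked so the handler never acts on a string different from the one that passed the check.

```python
import posixpath
from urllib.parse import unquote, urlsplit, urlunsplit

# Hypothetical allowlist of origins a protocol handler is willing to act on.
APPROVED_ORIGINS = {"https://vault.example.com"}

DEFAULT_PORTS = {"http": 80, "https": 443}


def naive_is_approved(uri: str) -> bool:
    """Vulnerable pattern: compare the raw URI string against the allowlist.

    A prefix test never looks at URI structure, so "https://vault.example.com"
    is also a prefix of "https://vault.example.com.attacker.test/..." and of
    "https://vault.example.com@attacker.test/..." (userinfo trick): over-match.
    """
    return any(uri.startswith(origin) for origin in APPROVED_ORIGINS)


def canonicalize(uri: str) -> str:
    """Return one canonical form of ``uri``: lowercase scheme and host, default
    port dropped, userinfo stripped, path percent-decoded with dot segments
    resolved, fragment dropped. Raises ValueError when it cannot be done."""
    parts = urlsplit(uri.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme {scheme!r}")
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        raise ValueError("missing host")
    port = parts.port  # raises ValueError for a non-numeric port
    netloc = host if port in (None, DEFAULT_PORTS[scheme]) else f"{host}:{port}"
    # Decode before resolving "." and ".." so encoded dot segments do not survive.
    path = posixpath.normpath(unquote(parts.path) or "/")
    if not path.startswith("/"):
        path = "/" + path
    return urlunsplit((scheme, netloc, path, parts.query, ""))


def canonical_origin(uri: str) -> str:
    parts = urlsplit(canonicalize(uri))
    return f"{parts.scheme}://{parts.netloc}"


def hardened_is_approved(uri: str) -> bool:
    """Fixed pattern: canonicalize first, then compare the canonical origin
    exactly (set membership, not a prefix test)."""
    try:
        return canonical_origin(uri) in APPROVED_ORIGINS
    except ValueError:
        return False


def approved_target(uri: str):
    """The URI the handler should act on: the same canonical form that passed
    the check, or None. Acting on the raw string after checking a different
    form would reintroduce a check/use mismatch."""
    return canonicalize(uri) if hardened_is_approved(uri) else None


# Constructed sample inputs (not from the advisory).
SAMPLES = [
    "https://vault.example.com/launch?item=42",          # legitimate
    "https://vault.example.com.attacker.test/launch",    # host-suffix trick
    "https://vault.example.com@attacker.test/launch",    # userinfo trick
    "HTTPS://Vault.Example.COM:443/launch/../launch",    # equivalent spelling
    "https://vault.example.com/%2e%2e/launch",           # encoded dot segments
    "javascript:alert(1)",                               # unsupported scheme
]


def compare_samples(samples=SAMPLES):
    """Map each sample URI to (naive_result, hardened_result)."""
    return {u: (naive_is_approved(u), hardened_is_approved(u)) for u in samples}


if __name__ == "__main__":
    for uri, (naive, hardened) in compare_samples().items():
        print(f"naive={naive!s:5} hardened={hardened!s:5} {uri}")
```

Running the block shows the two constructed attacker URIs passing the naive prefix test and failing the canonical one, while the upper-case, explicit-port spelling of a legitimate URI fails the naive test and passes the canonical one. The design point is the order of operations: canonicalize, compare the canonical form exactly, and use that same canonical form afterwards.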
Potential Impact of CVE-2024-12908
- Arbitrary Code Execution: Successful exploitation allows attackers to run arbitrary code on the compromised system, which could lead to data manipulation, unauthorized operations, or further exploitation of the network.
- Data Breach Risks: The vulnerability poses a risk of unauthorized access to sensitive data stored within Delinea Secret Server, potentially leading to widespread data breaches.
- Increased Attack Surface: Organizations using Secret Server may be exposed to additional attacks as malicious actors use this flaw to gain a foothold in the network, complicating their overall security posture.

Affected Version(s)
Secret Server 11.7.31
