Privilege Escalation Vulnerability in Jungo WinDriver Allows Local Attackers to Execute Arbitrary Code
CVE-2024-25086

7.8HIGH

Key Information:

Vendor: Jungo
Status: Windriver
Vendor: CVE Published:; 2 July 2024

What is CVE-2024-25086?

The vulnerability in Jungo's WinDriver prior to version 12.2.0 allows local attackers to exploit improper privilege management. Successful exploitation can lead to privilege escalation, enabling malicious actors to execute arbitrary code within the system. This flaw poses significant risks, particularly in scenarios where unprivileged users are able to gain elevated access, potentially compromising system integrity and confidentiality. Organizations using the affected versions must implement remedial measures to mitigate the risks associated with this vulnerability.

References

https://jungo.com/windriver/versions/

https://www.mitsubishielectric.com/en/psirt/vulnerability...

https://www.cisa.gov/news-events/ics-advisories/icsa-24-1...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 2, 2024