Privilege Escalation Vulnerability in Jungo WinDriver Allows Local Attackers to Execute Arbitrary Code
CVE-2024-25088

7.8HIGH

Key Information:

Vendor: Jungo
Status: Windriver
Vendor: CVE Published:; 2 July 2024

What is CVE-2024-25088?

An identified vulnerability in Jungo WinDriver prior to version 12.5.1 allows local attackers to exploit improper privilege management. This flaw enables unauthorized users to escalate their privileges and execute arbitrary code within the affected software environment. The potential consequences include unauthorized access to sensitive functions and data, which can significantly compromise both system integrity and security. Users are advised to assess their current versions and apply mitigations as necessary.

References

https://jungo.com/windriver/versions/

https://www.mitsubishielectric.com/en/psirt/vulnerability...

https://www.cisa.gov/news-events/ics-advisories/icsa-24-1...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 2, 2024