YubiKey Manager GUI Privilege Escalation Vulnerability
CVE-2024-31498
What is CVE-2024-31498?
The YSA-2024-01 security advisory identifies a privilege escalation vulnerability in the YubiKey Manager GUI on Windows. If a user runs the YubiKey Manager GUI as Administrator, browser windows opened by it may also be opened as Administrator. The affected software is YubiKey Manager GUI versions prior to 1.2.6 on Windows, and a local attacker can exploit the issue to perform actions as Administrator. Yubico recommends that affected customers update to the latest version of YubiKey Manager, available for download from its website. The severity of the vulnerability is rated High, with a CVSS score of 7.7. The issue was identified on February 1, 2024, and the advisory was released on April 4, 2024. No known exploitation of this vulnerability by ransomware groups has been reported.
News Articles

Security Alert: YubiKey Users Must Update Software
The issue pertains to the YubiKey Manager application and is identified under the identifier CVE-2024-31498. It has been assessed with a CVSS score of 7.7.

Yubico Issues YubiKey Security Alert For Windows Users
Windows users who have upped their authentication game by using a hardware YubiKey security key have been warned a vulnerability could expose their systems to attack.
Security Advisory YSA-2024-01
Security Advisory YSA-2024-01 YubiKey Manager Privilege Escalation
Published Date: 2024-04-04
Tracking IDs: YSA-2024-01
CVE: CVE-2024-31498
CVSS 3.1: 7.7
Summary: A security issue has been identified in YubiKey Manager GUI which could lead to unexpected privilege escalation on Windows. If a user runs th...