Privilege Escalation Vulnerability in Delinea Privilege Manager
CVE-2024-39708

7HIGH

Key Information:

Vendor: Delinea
Vendor: CVE Published:; 28 June 2024

What is CVE-2024-39708?

A vulnerability exists in the Agent component of Delinea Privilege Manager, specifically impacting versions before 12.0.1096 on Windows operating systems. The flaw allows non-administrator users to manipulate system files, specifically by copying a crafted Dynamic Link Library (DLL) file into a temporary directory utilized by .NET Shadow Copies. If the core agent service subsequently loads this file, it can lead to unauthorized privilege escalation, potentially compromising system integrity and security. Proper awareness and timely updates are essential for maintaining system security against such risks.

References

https://docs.delinea.com/online-help/privilege-manager/re...

https://www.cyberark.com/resources/threat-research-blog/i...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2024

CVE-2024-39708 Data

JSON