Elevation of Privilege Vulnerability Affects Server and Client Components
CVE-2024-40872

8.4 HIGH

Key Information:

Vendor
CVE Published: 25 July 2024

What is CVE-2024-40872?

An elevation of privilege vulnerability exists in both the server and client components of Absolute Secure Access prior to version 13.07. This vulnerability can be exploited by attackers who have local access and possess valid desktop user credentials, allowing them to pass invalid address data to the vulnerable component. Through this method, attackers can manipulate process tokens, elevating the privilege of a standard process to system level. As a result, there are significant implications for system confidentiality and integrity.

Affected Version(s)

Secure Access: versions from 0 up to (but not including) 13.07

CVSS V3.1

Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published