Okta Verify for Windows vulnerable to DLL hijacking
CVE-2024-7061

7.8 HIGH

Key Information:

Vendor: Okta
CVE Published: 7 August 2024

What is CVE-2024-7061?

Okta Verify for Windows contains a flaw in how it handles Dynamic Link Libraries (DLLs) that can be exploited through DLL hijacking, resulting in potential privilege escalation. This design oversight could allow unauthorized users to execute malicious code with elevated privileges, compromising system security. Users are strongly advised to upgrade to Okta Verify for Windows version 5.0.2 or later to mitigate these risks.

Affected Version(s)

Okta Verify for Windows 5.0.1

Okta Verify for Windows 5.0.2

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

Credit

Okta would like to thank Ryan Wincey of Securifera, Inc. for discovering this vulnerability.