Local Privilege Escalation Vulnerability Found in Ivanti Velocity License Server Before Version 5.2

CVE-2024-9167

7HIGH

Key Information

Vendor: Ivanti
Status: Velocity License Server
Vendor: CVE Published:; 8 October 2024

Summary

Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation.

Affected Version(s)

Velocity License Server <= 5.2

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Oct 8, 2024
Vulnerability Reserved.
Sep 24, 2024

Collectors

NVD DatabaseMitre Database