We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-11969

Incorrect default permissions in Cradlepoint NetCloud Exchange



Description

The NetCloud Exchange client for Windows, version 1.110.50, contains an insecure file and folder permissions vulnerability. A normal (non-admin) user could exploit the weakness in file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control permissions exist on the ‘Everyone’ group (i.e. any user who has local access to the operating system regardless of their privileges).

Reserved 2024-11-28 | Published 2024-11-28 | Updated 2024-11-29 | Assigner INCIBE


HIGH: 8.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-276 Incorrect Default Permissions

Product status

Default status
unaffected

1.110.50
affected

Credits

Alexander Huaman Jaimes finder

References

www.incibe.es/...t-permissions-cradlepoint-netcloud-exchange

cve.org (CVE-2024-11969)

nvd.nist.gov (CVE-2024-11969)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-11969

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.