We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-40872

Elevation of privilege in Absolute Secure Access clients and servers



Description

There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Attackers with local access and valid desktop user credentials can elevate their privilege to system level by passing invalid address data to the vulnerable component. This could be used to manipulate process tokens to elevate the privilege of a normal process to System. The scope is changed, the impact to system confidentiality and integrity is high, the impact to the availability of the effected component is none.

Reserved 2024-07-10 | Published 2024-07-25 | Updated 2024-08-02 | Assigner Absolute


HIGH: 8.4CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Problem types

CWE-822 Untrusted Pointer Dereference

Product status

Default status
unaffected

Any version before 13.07
affected

References

www.absolute.com/...chive/secure-access-1307/cve-2024-40872/

cve.org (CVE-2024-40872)

nvd.nist.gov (CVE-2024-40872)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-40872

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.

© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.