We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-40872

Elevation of privilege in Absolute Secure Access clients and servers



AssignerAbsolute
Reserved2024-07-10
Published2024-07-25
Updated2024-08-02

Description

There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Attackers with local access and valid desktop user credentials can elevate their privilege to system level by passing invalid address data to the vulnerable component. This could be used to manipulate process tokens to elevate the privilege of a normal process to System. The scope is changed, the impact to system confidentiality and integrity is high, the impact to the availability of the effected component is none.



HIGH: 8.4CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Problem types

CWE-822 Untrusted Pointer Dereference

Product status

Default status
unaffected

Any version before 13.07
affected

References

https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1307/cve-2024-40872/

cve.org CVE-2024-40872

nvd.nist.gov CVE-2024-40872

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.

© Copyright 2024 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.