CVE-2024-11467

High

Published: 04 February 2025

Published

04 February 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0007 20.6th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a logic flaw. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed.

Security Summary

CVE-2024-11467 is a local privilege escalation (LPE) vulnerability stemming from a logic flaw in the Omnissa Horizon Client for macOS. This issue affects systems where the Horizon Client is installed, enabling attackers to elevate privileges. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-269 (Improper Privilege Management).

Local users with standard privileges on the affected macOS system can exploit this vulnerability without requiring additional user interaction. Successful exploitation grants root-level access, potentially allowing full control over the system, including high-impact compromise of confidentiality, integrity, and availability.

Omnissa has published security advisory OMSA-2024-0002, available at https://static.omnissa.com/sites/default/files/OMSA-2024-0002.pdf, along with additional details on their security response page at https://www.omnissa.com/omnissa-security-response/. These resources outline mitigation and patching guidance for addressing the vulnerability.

Details

CWE(s): CWE-269

References

https://static.omnissa.com/sites/default/files/OMSA-2024-0002.pdf
de5a6978-88fe-4c27-a7df-d0d5b52d5b52
https://www.omnissa.com/omnissa-security-response/
de5a6978-88fe-4c27-a7df-d0d5b52d5b52