Cyber Posture

CVE-2024-11497

High

Published: 14 January 2025
Modified: 15 April 2026
KEV Added:
Patch:
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0014 (33.7th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access.

Security Summary

CVE-2024-11497 is a privilege escalation vulnerability classified under CWE-732 (Incorrect Permission Assignment for Critical Resource), published on 2025-01-14 with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It enables an authenticated attacker to gain root access on the affected system. The specific software or component impacted is referenced in the VDE-CERT advisory VDE-2024-070.

An attacker with low-level authenticated privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation grants root-level access, with high impact on confidentiality, integrity, and availability (C:H/I:H/A:H); the security scope is unchanged (S:U).

For mitigation details, patches, and additional guidance, refer to the advisory at https://cert.vde.com/en/advisories/VDE-2024-070.

Details

CWE(s): CWE-732

References