CVE-2024-23942
Published: 18 March 2025
Description
Valid accounts in cloud environments may allow adversaries to perform actions to achieve Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Security Summary
CVE-2024-23942 is a vulnerability involving the cleartext storage of sensitive data in a configuration file on a client workstation, classified under CWE-312. This issue affects the software component responsible for accessing a cloud portal, where the unencrypted sensitive data can be discovered by a local user. The vulnerability received a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H), reflecting high impact on confidentiality and availability, low attack complexity, and only low privileges required.
A local attacker with low privileges on the affected client workstation can locate and read the configuration file containing unencrypted sensitive data. This enables the attacker to impersonate the device by leveraging the stolen credentials or data, or to modify the file to prevent the device from accessing the cloud portal, resulting in a denial-of-service condition.
The primary advisory reference is available at https://cert.vde.com/en/advisories/VDE-2024-010, which security practitioners should consult for detailed mitigation guidance and any available patches. The CVE was published on 2025-03-18.
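The two failure modes described above, a local user reading a credential out of the client-side configuration file and a local user modifying that file so the device can no longer reach the portal, are both things a workstation audit can detect. The script below is an added example written for this summary; it is not code from the affected product or from the VDE advisory. It assumes a simple key = value configuration layout, a constructed sample file, and conventional credential-like key names; the exact file name, format and keys of the affected component are not given here and are assumptions.

```python
import hashlib
import os
import re
import stat
import tempfile

# Constructed sample config (assumed layout, not the affected product's real file).
SAMPLE_CONFIG = """[portal]
url = https://portal.example.invalid
device_id = dev-0001
api_token = s3cr3t-token-value
"""

# Key names that commonly hold secrets; an assumption, extend for the real product.
SECRET_KEY_WORDS = re.compile(r"(password|passwd|secret|token|api_?key|private_key)", re.I)
KEY_VALUE_LINE = re.compile(r"^\s*([A-Za-z_][\w.-]*)\s*[=:]\s*(.+?)\s*$")


def permission_findings(mode):
    """Flag a file mode that lets other local users read or change the file.

    Group/other read enables credential discovery (T1552.001); group/other
    write enables the tampering that causes the denial of service.
    """
    findings = []
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"readable by group/others (mode {oct(mode)})")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"writable by group/others (mode {oct(mode)})")
    return findings


def content_findings(text):
    """Report lines whose key looks like a credential and carries a non-empty cleartext value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = KEY_VALUE_LINE.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2)
        if SECRET_KEY_WORDS.search(key) and value:
            findings.append(f"line {lineno}: cleartext value for '{key}'")
    return findings


def fingerprint(data):
    """SHA-256 of the file contents; record this when the file is known-good."""
    return hashlib.sha256(data).hexdigest()


def check_integrity(path, baseline_hex):
    """True if the file still matches the recorded baseline, False if it was modified."""
    with open(path, "rb") as f:
        return fingerprint(f.read()) == baseline_hex


def audit_config(path):
    """Combine the permission and cleartext-content checks for one file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="utf-8") as f:
        text = f.read()
    return permission_findings(mode) + content_findings(text)


def demo():
    """Write the constructed sample with owner-only permissions and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "portal-client.conf")
        with open(path, "w", encoding="utf-8") as f:
            f.write(SAMPLE_CONFIG)
        os.chmod(path, 0o600)
        findings = audit_config(path)
        with open(path, "rb") as f:
            baseline = fingerprint(f.read())
        intact = check_integrity(path, baseline)
        return findings, intact


if __name__ == "__main__":
    findings, intact = demo()
    for item in findings:
        print("FINDING:", item)
    print("integrity baseline matches:", intact)
```

Even with the file locked to its owner, the content check still fires on the sample, because restricting permissions does not remove the cleartext secret; it only narrows who can read it. A fix that actually addresses CWE-312 keeps the secret out of the file (for example in an OS credential store), and the integrity baseline is what turns the "modified to break portal access" case into an alert rather than a silent outage.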
Details
- CWE(s): CWE-312 (Cleartext Storage of Sensitive Information)
MITRE ATT&CK Enterprise Techniques
- T1552.001 (Credentials In Files)
- T1078.004 (Cloud Accounts)
Why these techniques?
Cleartext sensitive data (credentials) in a local config file directly enables T1552.001 (Credentials In Files) through local discovery; the stolen data then facilitates impersonation via T1078.004 (Cloud Accounts) for cloud portal access.