Cyber Posture

CVE-2024-46464

High

Published: 09 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H)
EPSS Score: 0.0010 (26.5th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an elevation of privilege.

Security Summary

CVE-2024-46464 affects PRIMX ZED Enterprise versions up to 2024.3. The vulnerability stems from technical files stored in local folders that have common user access, which allows these files to be manipulated. The issue is classified under CWE-276 (Incorrect Default Permissions) and carries a CVSS v3.1 base score of 7.8 (High). The vector AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H indicates that local access is required, attack complexity is high, no privileges or user interaction are needed, scope is changed, confidentiality and availability impacts are high, and there is no integrity impact.

A local attacker can exploit this vulnerability by manipulating the accessible technical files, potentially rendering the host computer unavailable (denial of service) or executing arbitrary programs with elevated privileges. The attack requires no prior privileges (PR:N) but has high attack complexity (AC:H), so it is feasible for unprivileged local users who can access those folders.

For mitigation details, refer to the vendor's security bulletin at https://www.primx.eu/en/bulletins/security-bulletin-24931935/.

Details

CWE(s): CWE-276

References