CVE-2024-55957
Published: 22 January 2025
Description
In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access control permissions on Windows systems.
Security Summary
CVE-2024-55957 is a local privilege escalation vulnerability (CWE-276) in the driver packages of Thermo Fisher Scientific Xcalibur before version 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10 on Windows systems. The issue arises from improper access control permissions and has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability can be exploited by a local attacker with low privileges; attack complexity is low and no user interaction is required. Successful exploitation has a high impact on confidentiality, integrity, and availability, and enables privilege escalation on the affected Windows system.
Thermo Fisher advisories recommend updating to Xcalibur 4.7 SP1 or later and ICSW 3.1 SP10 or later to mitigate the vulnerability. Further details are provided in the security guide at https://assets.thermofisher.com/TFS-Assets/CORP/Product-Guides/Thermo_Scientific_Xcalibur_and_Foundation.pdf and on https://thermofisher.com.
Details
- CWE(s)