Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-52926

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-18 Nov, 2024 | 00:00
Updated At-06 Jan, 2025 | 17:55
Rejected At-
Credits

Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:18 Nov, 2024 | 00:00
Updated At:06 Jan, 2025 | 17:55
Rejected At:
▼CVE Numbering Authority (CNA)

Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent.

Affected Products
Vendor
Delinea
Product
Privilege Manager
Default Status
unaffected
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
CWECWE-269CWE-269 Improper Privilege Management
Type: CWE
CWE ID: CWE-269
Description: CWE-269 Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Osanda Jayathissa of Visa
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://docs.delinea.com/online-help/privilege-manager/release-notes/12.0.2-combined.htm
release-notes
https://trust.delinea.com/?tcuUid=3be1a12c-97c9-431e-a51a-0c25da19ec86
vendor-advisory
Hyperlink: https://docs.delinea.com/online-help/privilege-manager/release-notes/12.0.2-combined.htm
Resource:
release-notes
Hyperlink: https://trust.delinea.com/?tcuUid=3be1a12c-97c9-431e-a51a-0c25da19ec86
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
delinea_privilege_manager
Product
delinea_privilege_manager
CPEs
  • cpe:2.3:a:delinea_privilege_manager:delinea_privilege_manager:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 12.0.2 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-276CWE-276 Incorrect Default Permissions
Type: CWE
CWE ID: CWE-276
Description: CWE-276 Incorrect Default Permissions
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:1443cd92-d354-46d2-9290-d812316ca43a
Published At:18 Nov, 2024 | 04:15
Updated At:24 Dec, 2024 | 19:15

Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Secondary3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-269Secondary1443cd92-d354-46d2-9290-d812316ca43a
CWE-276Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-269
Type: Secondary
Source: 1443cd92-d354-46d2-9290-d812316ca43a
CWE ID: CWE-276
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://docs.delinea.com/online-help/privilege-manager/release-notes/12.0.2-combined.htm1443cd92-d354-46d2-9290-d812316ca43a
N/A
https://trust.delinea.com/?tcuUid=3be1a12c-97c9-431e-a51a-0c25da19ec861443cd92-d354-46d2-9290-d812316ca43a
N/A
https://docs.delinea.com/online-help/privilege-manager/release-notes/12.0.2-combined.htmcve@mitre.org
N/A
Hyperlink: https://docs.delinea.com/online-help/privilege-manager/release-notes/12.0.2-combined.htm
Source: 1443cd92-d354-46d2-9290-d812316ca43a
Resource: N/A
Hyperlink: https://trust.delinea.com/?tcuUid=3be1a12c-97c9-431e-a51a-0c25da19ec86
Source: 1443cd92-d354-46d2-9290-d812316ca43a
Resource: N/A
Hyperlink: https://docs.delinea.com/online-help/privilege-manager/release-notes/12.0.2-combined.htm
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

62Records found
CVE-2022-0556
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-7.3||HIGH
EPSS-0.04% / 9.97%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 11:50
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-zyxel_ap_configuratorZyxel AP Configurator (ZAC)
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-12510
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.3||HIGH
EPSS-0.21% / 43.22%
||
7 Day CHG~0.00%
Published-19 Nov, 2020 | 17:07
Updated-16 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Beckhoff: Privilege Escalation through TwinCat System

The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for automatic execution upon log in of a user. If a less privileged user has a local account he or she can replace TcSysUI.exe. It will be executed automatically by another user during login. This is also true for users with administrative access. Consequently, a less privileged user can trick a higher privileged user into executing code he or she modified this way. By default Beckhoff’s IPCs are shipped with TwinCAT software installed this way and with just a single local user configured. Thus the vulnerability exists if further less privileged users have been added.

Action-Not Available
Vendor-Beckhoff Automation GmbH & Co. KG
Product-twincat_extended_automation_runtimeTwinCat XAR 3.1
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-10049
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.04% / 12.43%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 18:06
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system administrators.

Action-Not Available
Vendor-Siemens AG
Product-simatic_rtls_locating_managerSIMATIC RTLS Locating Manager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-0133
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.3||HIGH
EPSS-0.01% / 0.25%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:43
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In MockLocationAppPreferenceController.java, it is possible to mock the GPS location of the device due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145136060

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-21945
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.01%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:15
Updated-18 Dec, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the AMD RyzenTM Master monitoring SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_master_monitoring_software_development_kitAMD Ryzen™ Master Monitoring SDKryzen_master
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-31349
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.37%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 16:57
Updated-12 Dec, 2024 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-uprofμProf Toolamd_uprof
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-58104
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.3||HIGH
EPSS-0.01% / 0.87%
||
7 Day CHG-0.01%
Published-25 Mar, 2025 | 17:37
Updated-01 Aug, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-apex_oneTrend Micro Apex One as a ServiceTrend Micro Apex One
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-31360
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.3||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 20:01
Updated-12 Feb, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the AMD Integrated Management Technology (AIM-T) Manageability Service installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AIM-T(AMD Integrated Management Technology) software
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-31358
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.3||HIGH
EPSS-0.02% / 2.33%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 17:14
Updated-16 May, 2025 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-aim-t_manageability_apiAIM-T Manageability API
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-36945
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-1.03% / 76.38%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 18:12
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows 10 Update Assistant Elevation of Privilege Vulnerability

Windows 10 Update Assistant Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_update_assistantWindows Update Assistant
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1706
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.68% / 70.55%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-19 Nov, 2024 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows LUAFV Elevation of Privilege Vulnerability

Windows LUAFV Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-0441
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.3||HIGH
EPSS-0.01% / 1.68%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 13:43
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174495520

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
  • Previous
  • 1
  • 2
  • Next
Details not found