Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-11467
PUBLISHED
More InfoOfficial Page
Assigner-Omnissa
Assigner Org ID-de5a6978-88fe-4c27-a7df-d0d5b52d5b52
View Known Exploited Vulnerability (KEV) details
Published At-04 Feb, 2025 | 22:12
Updated At-05 Feb, 2025 | 15:05
Rejected At-
▼CVE Numbering Authority (CNA)

Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a logic flaw. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed.

Affected Products
Vendor
Omnissa
Product
Omnissa Horizon Client for MacOS
Platforms
  • MacOS
Default Status
unaffected
Versions
Affected
  • Omnissa Horizon Client for macOS 2406 or earlier
Problem Types
TypeCWE IDDescription
N/AN/ALogic Flaw Vulnerability
Type: N/A
CWE ID: N/A
Description: Logic Flaw Vulnerability
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-233CAPEC-233 Privilege Escalation
CAPEC ID: CAPEC-233
Description: CAPEC-233 Privilege Escalation
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
Omnissa would like to thank Paul Montgomery (@nullevent) of TikTok US Data Security, Red Team for reporting this issue to us.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://static.omnissa.com/sites/default/files/OMSA-2024-0002.pdf
N/A
https://www.omnissa.com/omnissa-security-response/
N/A
Hyperlink: https://static.omnissa.com/sites/default/files/OMSA-2024-0002.pdf
Resource: N/A
Hyperlink: https://www.omnissa.com/omnissa-security-response/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-269CWE-269 Improper Privilege Management
Type: CWE
CWE ID: CWE-269
Description: CWE-269 Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found