PT-2024-28645 · Delinea · Delinea Privilege Manager

Brenden Meeder · Published 2024-06-27 · Updated 2024-10-31 · CVE-2024-39708

CVSS v3.1: 7.0 High

Vector: AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N

Name of the Vulnerable Software and Affected Versions: Delinea Privilege Manager versions prior to 12.0.1096

Description: A local privilege escalation issue was discovered in Delinea Privilege Manager, allowing a non-administrator user to potentially execute arbitrary code as SYSTEM by exploiting a dynamic-link library (DLL) search order hijacking vulnerability. This occurs when the core agent service loads a crafted DLL file from a temporary directory used by .NET Shadow Copies.

Recommendations: For versions prior to 12.0.1096, update to version 12.0.1096 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary directory used by .NET Shadow Copies to minimize the risk of exploitation.

Fix

Weakness Enumeration: Uncontrolled Search Path Element

Related Identifiers: CVE-2024-39708

Affected Products: Delinea Privilege Manager