PT-2024-29123 · Unknown · Absolute Secure Access

Published: 2024-07-25 · Updated: 2024-07-26

CVE-2024-40872

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions prior to 13.07

Description: An elevation of privilege vulnerability exists in the server and client components. Attackers with local access and valid desktop user credentials can elevate their privilege to System level by passing invalid address data to the vulnerable component. This could be used to manipulate process tokens to elevate the privilege of a normal process to System. The impact to system confidentiality and integrity is high, while the impact to the availability of the affected component is none.

Recommendations: For versions prior to 13.07, update to version 13.07 or later to resolve the issue. As a temporary workaround, consider restricting local access and validating user credentials to minimize the risk of exploitation. Additionally, restrict the use of the vulnerable component until a patch is available.

Fix

Weakness Enumeration: Untrusted Pointer Dereference

Related Identifiers: CVE-2024-40872

Affected Products: Absolute Secure Access