PT-2024-8198 · Siemens · Sinema Remote Connect Server

Published: 2024-07-09 · Updated: 2024-09-09 · CVE-2024-39870

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.2 SP1
Description: A vulnerability has been identified in the SINEMA Remote Connect Server. The affected applications can be configured to allow users to manage their own users. A local authenticated user with this privilege could use this to modify users outside of their own scope as well as to escalate privileges. The vulnerability is related to the implementation of security functions on the client side, which could allow a remote attacker to elevate their privileges.
Recommendations: For versions prior to V3.2 SP1, update to V3.2 SP1 or later to resolve the issue. As a temporary workaround, consider restricting the privilege to manage own users to minimize the risk of exploitation. Additionally, restrict access to the user management functionality to authorized personnel only.

Related Identifiers

BDU:2024-09740
CVE-2024-39870

Affected Products

Sinema Remote Connect Server