CVE-2024-39872

Name of the Vulnerable Software and Affected Versions SINEMA Remote Connect Server versions prior to V3.2 SP1

Description A vulnerability has been identified in the SINEMA Remote Connect Server, where the affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate their privileges on the underlying OS level. The vulnerability is related to the creation of temporary files with insecure permissions, which can be exploited by a remote attacker to elevate their privileges.

Recommendations For versions prior to V3.2 SP1, update to V3.2 SP1 or later to resolve the issue. As a temporary workaround, consider restricting the 'Manage firmware updates' role to minimize the risk of exploitation. Additionally, ensure that all temporary files created during the update process are properly secured to prevent unauthorized access.