CVE-2024-11467

Published: Feb 4, 2025Modified: Feb 5, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: de5a6978-88fe-4c27-a7df-d0d5b52d5b52 (Secondary)

Description

Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a logic flaw. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed.

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://static.omnissa.com/sites/default/files/OMSA-2024-0002.pdf

Source: de5a6978-88fe-4c27-a7df-d0d5b52d5b52

https://www.omnissa.com/omnissa-security-response/

Source: de5a6978-88fe-4c27-a7df-d0d5b52d5b52

Timeline

No history available yet.