CVE-2024-23764

Published: Feb 8, 2024Modified: May 15, 2025

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and later, and WithSecure Elements Endpoint Protection 17 and later.

Affected (4)

Products: Withsecure: Client Security, Server Security, Email And Server Security, Elements Endpoint Protection

4 products

Client Security

Server Security

Email And Server Security

Elements Endpoint Protection

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Withsecure Client Security	Version 15

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Withsecure Server Security	Version 15

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Withsecure Email And Server Security	Version 15

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Withsecure Elements Endpoint Protection	Version 17

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

https://www.withsecure.com/en/support/security-advisories

Source: cve@mitre.org

Product

https://www.withsecure.com/en/support/security-advisories/cve-2024-23764

Source: cve@mitre.org

Vendor Advisory

https://www.withsecure.com/en/support/security-advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.withsecure.com/en/support/security-advisories/cve-2024-23764

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.