CVE-2024-7061

Published: Aug 7, 2024Modified: Aug 28, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. The vulnerability is fixed in Okta Verify for Windows version 5.0.2. To remediate this vulnerability, upgrade to 5.0.2 or greater.

Affected (1)

Products: Okta: Verify

Okta

1 product

Verify

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Okta Verify	Before 5.0.2

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://help.okta.com/oie/en-us/content/topics/releasenotes/oie-ov-release-notes.htm#panel4

Source: psirt@okta.com

Not ApplicableRelease Notes

https://trust.okta.com/security-advisories/okta-verify-for-windows-privilege-escalation-cve-2024-7061/

Source: psirt@okta.com

Vendor Advisory

Timeline

No history available yet.