CVE-2024-11969

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 28, 2024
CWE ID 276

Summary

CVE-2024-11969 is a vulnerability affecting the NetCloud Exchange client for Windows, version 1.110.50. This issue involves insecure file and folder permissions, which can be exploited by a non-admin user to escalate privileges and execute arbitrary code. The vulnerability arises from full control permissions that are granted to the 'Everyone' group, making it possible for any local user to take advantage of the weakness, regardless of their privileges. This can lead to unauthorized access, data theft, and long-term compromise of the affected machine.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share