CVE-2024-12908
CVSS 3.1 Score 6.9 of 10 (medium)
Details
Summary
CVE-2024-12908 is a vulnerability affecting Delinea's Secret Server v11.7.31 with protocol handler version 6.0.3.26. The handler compares URIs before normalizing and canonicalizing them, which allows attackers to overmatch approved lists. To exploit the issue, a remote attacker must convince a user to visit a malicious web page or open an infected document; this triggers the vulnerable handler and enables arbitrary code execution on the user's machine. Delinea has since implemented additional validation to ensure downloaded installer batch files adhere to the expected format.
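The class of flaw named in the summary, comparing a URI against an approved list before normalizing it, shown as an added generic illustration in Python with the weak check beside a canonicalize-then-compare check. This is not Delinea's code or the handler's actual logic; the host names, the allow-list and all function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allow-list: placeholder host, not a value from the advisory.
APPROVED_HOSTS = {"vault.example.com"}


def naive_is_approved(url: str) -> bool:
    """Weak form: matches on the raw string, before any parsing."""
    return any(url.lower().startswith("https://" + h) for h in APPROVED_HOSTS)


def canonical_origin(url: str):
    """Return (scheme, host, port) after normalization, or None if untrusted."""
    if any(c in url for c in "\\ \t\r\n"):
        return None  # characters that URL parsers handle inconsistently
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https" or parts.username is not None or parts.password is not None:
        return None  # no scheme downgrade, no userinfo in front of the host
    host = (parts.hostname or "").rstrip(".")
    try:
        host = host.encode("idna").decode("ascii")  # one ASCII form per host
    except UnicodeError:
        return None
    return ("https", host, 443 if port is None else port) if host else None


def strict_is_approved(url: str) -> bool:
    """Hardened form: canonicalize first, then compare whole components."""
    origin = canonical_origin(url)
    return origin is not None and origin[1] in APPROVED_HOSTS and origin[2] == 443


# Constructed sample inputs: two equivalent approved forms, two overmatches.
SAMPLES = [
    "https://vault.example.com/launcher/setup.bat",
    "HTTPS://VAULT.EXAMPLE.COM:443/launcher/setup.bat",
    "https://vault.example.com.other.example/setup.bat",
    "https://vault.example.com@other.example/setup.bat",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: naive={naive_is_approved(s)} strict={strict_is_approved(s)}")
```

The naive check accepts all four samples; the strict check accepts only the first two, because it compares the parsed host as a whole value instead of a string prefix.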