CVE-2024-12908

CVSS 3.1 Score 6.9 of 10 (medium)

Details

Published: Dec 26, 2024
Updated: Dec 27, 2024
CWE ID 94

Summary

CVE-2024-12908 is a vulnerability affecting Delinea's Secret Server v11.7.31 with protocol handler version 6.0.3.26. The issue lies in the function that compares URIs before they have been normalized and canonicalized, which increases the risk of overmatching against approved lists. Exploitation of this vulnerability could allow a remote attacker to persuade a user to visit a malicious website or open a malicious document, triggering the vulnerable handler and enabling arbitrary code execution on the user's machine. Delinea resolved this issue by implementing additional validation for the downloaded installer's batch file format.


Affected Products

  • Delinea Secret Server

Affected Vendors

  • Delinea, Inc.