CVE-2024-12908

CVSS 3.1 Score 6.9 of 10 (medium)

Details

Published Dec 26, 2024
Updated: Dec 27, 2024
CWE ID 94

Summary

CVE-2024-12908 is a vulnerability affecting Delinea's Secret Server v11.7.31 with protocol handler version 6.0.3.26. The handler compares URIs before normalizing and canonicalizing them, so an attacker can craft a URI that overmatches the approved list. A remote attacker who convinces a user to visit a malicious web page or open an infected document can trigger the vulnerable handler and execute arbitrary code on the user's machine. Delinea has since implemented additional validation to ensure downloaded installer batch files adhere to the expected format.
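The weakness class described above (an allow-list comparison made before normalization and canonicalization) is shown here as an added example beside a hardened check; it is not Delinea's code. The approved prefix, host name, function names and sample URIs are constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed allow-list entry; the product's real approved list is not on this page.
APPROVED = "https://vault.example.com/installers/"

def naive_is_approved(uri: str) -> bool:
    """Weak form: prefix comparison on the raw string, before normalization."""
    return uri.lower().startswith(APPROVED)

def canonicalize(uri: str):
    """Return (scheme, host, port, path) in canonical form, or None to reject."""
    parts = urlsplit(uri.strip())
    if parts.scheme != "https" or parts.username or parts.password:
        return None
    try:
        port = parts.port or 443
    except ValueError:          # non-numeric or out-of-range port
        return None
    host = (parts.hostname or "").rstrip(".")
    path = parts.path
    for _ in range(3):          # decode until stable so nested encoding cannot hide ".."
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return None             # still changing after three passes: reject
    if "\\" in path or "\x00" in path:
        return None
    norm = posixpath.normpath(path)   # collapses "." and ".." segments
    if path.endswith("/") and not norm.endswith("/"):
        norm += "/"
    return ("https", host, port, norm)

def strict_is_approved(uri: str) -> bool:
    """Hardened form: canonicalize both sides, then compare component by component."""
    candidate, allowed = canonicalize(uri), canonicalize(APPROVED)
    return (candidate is not None
            and candidate[:3] == allowed[:3]
            and candidate[3].startswith(allowed[3]))

# Constructed sample URIs: one legitimate, three that overmatch the raw prefix.
SAMPLES = [
    "https://vault.example.com/installers/setup.bat",
    "https://vault.example.com/installers/../../other/run.bat",
    "https://vault.example.com/installers/%2e%2e/%2e%2e/other/run.bat",
    "https://vault.example.com/installers/%252e%252e/%252e%252e/other/run.bat",
]

def compare(samples=SAMPLES):
    """Return (uri, naive verdict, strict verdict) for each sample."""
    return [(u, naive_is_approved(u), strict_is_approved(u)) for u in samples]
```

The naive check accepts all four samples because each begins with the approved string; the strict check accepts only the first, since the other three resolve to a path outside `/installers/` once decoded and normalized.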
