CVE-2024-7253

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 26, 2024
CWE ID 427

Summary

CVE-2024-7253 is a local privilege escalation vulnerability affecting NoMachine's nxnode.exe. An attacker must initially gain the ability to execute low-privileged code on the target system. The flaw arises from the software's failure to securely load a library, allowing an attacker to manipulate the search path and escalate privileges. This vulnerability can ultimately lead to arbitrary code execution with SYSTEM privileges. (ZDI-CAN-24039)

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • NoMachine

Affected Vendors

  • NoMachine S.à r.l.