CVE-2024-8496

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 11, 2024
Updated: Dec 13, 2024
CWE ID 276

Summary

CVE-2024-8496 is a newly disclosed vulnerability affecting Ivanti Workspace Control prior to version 10.18.40.0. This issue permits a local authenticated attacker to exploit insecure permissions and escalate privileges within the system. The attacker can leverage this vulnerability to gain elevated access, potentially leading to unauthorized modifications or data exfiltration. By manipulating specific settings, an attacker can bypass intended access controls and escalate their privileges, posing a significant risk to organizations using the affected Ivanti Workspace Control version. It is strongly recommended that users upgrade to the latest version to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share