Security Bulletin 24931935
Manipulation of ZED! technical files can allow an elevation of privilege
Security Bulletin 24931935
CVE-2024-46464 11/12/2024 (ZED!)
Manipulation of ZED! technical files can allow an elevation of privilege.
SUMMARY
Technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an elevation of privilege.
CVSS SCORE: BASE 7.8 HIGH
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): High (H)
- Privileges required (PR): None (N)
- User interaction (UI): None (N)
- Scope (S): Changed (C)
- Confidentiality (C): High (H)
- Integrity (I): None (N)
- Availability (A): High (H
DETAILS
- CVEID : 2024-46464 (created on 11/12/2024)
AFFECTED PRODUCTS AND VERSIONS
All versions of ZED! ENTREPRISE Windows
SOLUTIONS AND RECOMMENDATIONS
Correcting this vulnerability requires a configuration change (security policies).
Note for certified and qualified versions: the configuration indicated in the “Conditions” chapter of ANSSI Qualification decisions has been updated with these new recommendations. Certified and qualified versions are therefore unchanged, but ZED! configuration must comply with the latest recommendations.
Details are provided in the customer space.
ACKNOWLEDGEMENTS
Nicolas RODRIGUES from OPPIDA Evaluation Center.
