Security Bulletin 24932296
Manipulation of CRYHOD technical files can allow an elevation of privilege
High
Security Bulletin 24932296
CVE-2024-46465 11/12/2024 (CRYHOD)
Manipulation of CRYHOD technical files can allow an elevation of privilege.
SUMMARY
Technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an elevation of privilege.
CVSS SCORE: BASE 7.8 HIGH
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): High (H)
- Privileges required (PR): None (N)
- User interaction (UI): None (N)
- Scope (S): Changed (C)
- Confidentiality (C): High (H)
- Integrity (I): None (N)
- Availability (A): High (H
DETAILS
- CVEID : 2024-46465 (created on 11/12/2024)
AFFECTED PRODUCTS AND VERSIONS
All versions of CRYHOD Windows (qualified versions used within the scope of qualification are not affected).
SOLUTIONS AND RECOMMENDATIONS
Correcting this vulnerability requires a configuration change (security policies).
Details are provided in the customer space.
ACKNOWLEDGEMENTS
Nicolas RODRIGUES from OPPIDA Evaluation Center.
