CVE-2024-7061

{"id": "CVE-2024-7061", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "psirt@okta.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-08-07T17:15:52.113", "references": [{"url": "https://help.okta.com/oie/en-us/content/topics/releasenotes/oie-ov-release-notes.htm#panel4", "tags": ["Not Applicable", "Release Notes"], "source": "psirt@okta.com"}, {"url": "https://trust.okta.com/security-advisories/okta-verify-for-windows-privilege-escalation-cve-2024-7061/", "tags": ["Vendor Advisory"], "source": "psirt@okta.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}, {"type": "Secondary", "source": "psirt@okta.com", "description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. The vulnerability is fixed in Okta Verify for Windows version 5.0.2. To remediate this vulnerability, upgrade to 5.0.2 or greater."}, {"lang": "es", "value": "Okta Verify para Windows es vulnerable a la escalada de privilegios mediante el secuestro de DLL. La vulnerabilidad se solucion\u00f3 en Okta Verify para Windows versi\u00f3n 5.0.2. Para corregir esta vulnerabilidad, actualice a 5.0.2 o superior."}], "lastModified": "2024-08-28T18:25:38.217", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:okta:verify:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "951E2564-0B8A-49B9-A130-4647DF323B7E", "versionEndExcluding": "5.0.2"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@okta.com"}