CVE-2024-39755

Oct. 4, 2024, 1:50 p.m.

7.8
High

Description

A privilege escalation vulnerability exists in the Veertu Anka Build 1.42.0. The vulnerability occurs during Anka node agent update. A low privilege user can trigger the update action which can result in unexpected elevation of privilege.

Product(s) Impacted

Product Versions
Veertu Anka Build
  • ['1.42.0']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-282
Improper Ownership Management
The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2060

Tags

talos-cna@cisco.com
CWE-282
2024-10-03
CVE-2024-39755

CVSS Score

7.8 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Oct. 3, 2024, 4:15 p.m.
Last Modified: Oct. 4, 2024, 1:50 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

talos-cna@cisco.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.