Vulnerability Description
An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege escalation can occur if the core agent service loads that file.
CVSS Score
7.0 (HIGH)
Related Weaknesses (CWE)
References
- https://docs.delinea.com/online-help/privilege-manager/release-notes/12.0.1-comb
- https://www.cyberark.com/resources/threat-research-blog/identity-crisis-the-curi
FAQ
What is CVE-2024-39708?
CVE-2024-39708 is a vulnerability with a CVSS score of 7.0 (HIGH). An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to ...
How severe is CVE-2024-39708?
CVE-2024-39708 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-39708?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.