
WARNING: IMPROPER PRIVILEGE MANAGEMENT VULNERABILITIES IN UPKEEPER'S INSTANT PRIVILEGE ACCESS V1.1 AND BELOW, PATCH IMMEDIATELY!

Reference: Advisory #2024-272
Version: 1.0
Affected software: upKeeper Instant Privilege Access v1.1 and below
Type: Improper Privilege Management vulnerabilities
CVE/CVSS:

CVE-2024-9478 / CVSS:10 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)
CVE-2024-9479 / CVSS:10 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)

Sources

upKeeper: https://upkeeper.se/en/upkeeper-ipa/

upKeeper Support: https://support.upkeeper.se/hc/en-us/articles/17007638130716-CVE-2024-9478-Improper-Privilege-Management-Process

upKeeper Support: https://support.upkeeper.se/hc/en-us/articles/17007729905436-CVE-2024-9479-Improper-Privilege-Management-Subprocess

Risks

upKeeper's Instant Privilege Access software is a solution that focuses on managing a user’s own admin rights. It allows an organization to grant selected users or groups of users, via their computers, predetermined elevated rights with full control and traceability.

Two vulnerabilities (CVE-2024-9478 and CVE-2024-9479) exist in versions v1.1 and below. If left unpatched, the affected software and data are vulnerable to low-complexity privilege escalation attacks, which could have a high impact on confidentiality, integrity and/or availability.

There are no known proof-of-concept exploits or indications that these vulnerabilities are being actively exploited. Both vulnerabilities are fixed in version 1.2.

Description

Both CVE-2024-9478 and CVE-2024-9479 are of the Improper Privilege Management type.

If exploited successfully, the vulnerabilities can allow an attacker to escalate privileges and run applications or processes that are not allowed in elevated mode.

Recommended actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9478

NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9479