CVE-2024-11969 HIGH

CVE-2024-11969: Incorrect default permissions in Cradlepoint NetCloud Exchange

Vendor: Cradlepoint
Product: NetCloud Exchange Client
Weakness: CWE-276
Published: November 28, 2024
Last update: November 29, 2024

CVSS base score

8.8/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

The NetCloud Exchange client for Windows, version 1.110.50, has insecure file and folder permissions. A normal (non-admin) user could exploit these permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. The affected files and folders grant full control to the 'Everyone' group (i.e. any user who has local access to the operating system, regardless of their privileges).

Key dates

02 Disclosure timeline

November 28, 2024: CVE published
November 29, 2024: Record updated