CVE-2024-39708 HIGH

CVE-2024-39708

Vendor N/A
Product n/a
Published June 27, 2024
Last update October 31, 2024

CVSS base score

7.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N

What the vulnerability does

01Description

An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory (used by .NET Shadow Copies) such that privilege escalation can occur if the core agent service loads that file.

Key dates

02Disclosure timeline

June 27, 2024 CVE published
October 31, 2024 Record updated