CVE-2024-23764

Vulnerability

CVE-2024-23764 is a local privilege escalation vulnerability affecting WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and later, and WithSecure Elements Endpoint Protection 17 and later [1]. The vulnerability allows a local user with administrator privileges to corrupt kernel memory [2]. The exact code path and conditions are not detailed in the available references, but the issue is present during installation or update processes [1].

Exploitation

An attacker must have local access to the system with administrator-level privileges [2]. The exploitation sequence is not publicly disclosed, but it involves corrupting kernel memory [2]. WithSecure has stated they are not aware of any known exploits for this vulnerability as of the advisory publication [2].

Impact

Successful exploitation could allow an attacker to escalate their privileges further, potentially gaining full control of the affected system [2]. The impact is local privilege escalation, with the attacker’s privileges increased within the compromised environment [2].

Mitigation

As of the advisory publication date (2024-02-08), WithSecure had not released a fix for this vulnerability [2]. Users should monitor the advisory page for updates; no workarounds are mentioned in the available references [2]. The vendor is not aware of any active exploitation [2].