WARNING: IMPROPER PRIVILEGE MANAGEMENT VULNERABILITIES IN UPKEEPER'S INSTANT PRIVILEGE ACCESS V1.1 AND BELOW, PATCH IMMEDIATELY!

Published : 21/11/2024

Reference:
Advisory #2024-272

Version:
1.0

Affected software:
upKeeper Instant Privilege Access v1.1 and below

Type:
Improper Privilege Management vulnerabilities

CVE/CVSS:
CVE-2024-9478 / CVSS:10 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)
CVE-2024-9479 / CVSS:10 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)

Sources

upKeeper: https://upkeeper.se/en/upkeeper-ipa/

upKeeper Support: https://support.upkeeper.se/hc/en-us/articles/17007638130716-CVE-2024-9478-Improper-Privilege-Management-Process

upKeeper Support: https://support.upkeeper.se/hc/en-us/articles/17007729905436-CVE-2024-9479-Improper-Privilege-Management-Subprocess

Risks

upKeeper's Instant Privilege Access software is a solution for managing users' own admin rights. It allows an organization to grant selected users, or groups of users, predetermined elevated rights on their computers, with full control and traceability.

Two vulnerabilities (CVE-2024-9478 and CVE-2024-9479) exist in versions v1.1 and below. If left unpatched, the affected software and data are vulnerable to low-complexity privilege escalation attacks, which could have a high impact on confidentiality, integrity and/or availability.

There are no known proof-of-concept exploits or indications that these vulnerabilities are being actively exploited. Both vulnerabilities are fixed in version 1.2.

Description

Both CVE-2024-9478 and CVE-2024-9479 are of the Improper Privilege Management type.

If exploited successfully, the vulnerabilities can allow an attacker to escalate privileges and run unauthorized applications or processes in elevated mode.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9478

NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9479