CVE-2024-40872

HIGH Year: 2024
CVSS v3 Score
8.4
High
Weakness Type
CWE-822
View all →

Vulnerability Description

There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Attackers with local access and valid desktop user credentials can elevate their privilege to system level by passing invalid address data to the vulnerable component. This could be used to manipulate process tokens to elevate the privilege of a normal process to System. The scope is changed, the impact to system confidentiality and integrity is high, the impact to the availability of the effected component is none.

Related Vulnerabilities

CVE-2023-29360

HIGH
CVSS:8.4(High)

Microsoft Streaming Service Elevation of Privilege Vulnerability

CWE-8222023

CVE-2024-34023

MEDIUM
CVSS:8.4(High)

Untrusted pointer dereference in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-8222024

CVE-2025-20018

MEDIUM
CVSS:8.4(High)

Untrusted pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-8222025

CVE-2025-24084

HIGH
CVSS:8.4(High)

Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.

CWE-8222025

CVE-2022-26942

HIGH
CVSS:8.2(High)

The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two modules are used, one responsible for KVL key management and the o...

CWE-8222022

CVE-2023-42772

HIGH
CVSS:8.2(High)

Untrusted pointer dereference in UEFI firmware for some Intel(R) reference processors may allow a privileged user to potentially enable escalation of privilege via local access.

CWE-8222023