Strix
26.1K

CVE-2024-11969

HIGHCVSS 8.8/10EPSS 0.16%

Last modified

CVE-2024-11969 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. The NetCloud Exchange client for Windows, version 1.110.50, contains an insecure file and folder permissions vulnerability. A normal (non-admin) user could exploit the weakness in file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. EPSS estimates a 0.16% chance of exploitation in the next 30 days.

Description

The NetCloud Exchange client for Windows, version 1.110.50, contains an insecure file and folder permissions vulnerability. A normal (non-admin) user could exploit the weakness in file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control permissions exist on the ‘Everyone’ group (i.e. any user who has local access to the operating system regardless of their privileges).

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Probability
0.16%

5.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

References

Timeline

Published
Last Modified
Status
Deferred

Frequently Asked Questions

What is CVE-2024-11969?
The NetCloud Exchange client for Windows, version 1.110.50, contains an insecure file and folder permissions vulnerability. A normal (non-admin) user could exploit the weakness in file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control permissions exist on the ‘Everyone’ group (i.e. any user who has local access to the operating system regardless of their privileges).
How severe is CVE-2024-11969?
CVE-2024-11969 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.16% probability of exploitation in the next 30 days.
How do I fix CVE-2024-11969?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-11969?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST