Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2.
The vulnerability results from improper privilege management (CWE-266) in the subprocess component of upKeeper Instant Privilege Access. An attacker can, without authentication and without any user interaction, exploit the flaw in the privilege control mechanism to gain a higher access level than granted. The network vector (AV:N) and lack of required prerequisites (AC:L, PR:N, UI:N) indicate that the exploit can be conducted remotely over the network.
Successful exploitation of this vulnerability allows an attacker to gain complete control over the system — in terms of confidentiality, integrity, and availability of data and related systems. It is possible to obtain the highest privileges in the attacked environment.
upKeeper Instant Privilege Access must be immediately updated to version 1.2 or later. Patch details are available in the vendor's support article: https://support.upkeeper.se/hc/en-us/articles/17007729905436-CVE-2024-9479-Improper-Privilege-Management-Subprocess
upKeeper Instant Privilege Access in versions prior to 1.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X