Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2.
Improper privilege management (CWE-266) in the upKeeper Instant Privilege Access product allows an attacker to perform privilege escalation. The vulnerability does not require authentication, user interaction, or fulfillment of special preconditions, making it trivially exploitable remotely.
An attacker can obtain elevated privileges in the system, potentially taking full control over the environment managed by upKeeper Instant Privilege Access, including protected resources and sensitive data.
Update upKeeper Instant Privilege Access to version 1.2 or newer. Detailed information is available in the vendor's bulletin at: https://support.upkeeper.se/hc/en-us/articles/17007638130716-CVE-2024-9478-Improper-Privilege-Management-Process
upKeeper Instant Privilege Access in versions prior to 1.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X