SecureAge Technology has released updates to address a critical privilege escalation vulnerability in its SecureAge Security Suite. The vulnerability, tracked as CVE-2024-46622 and assigned a CVSS score of 9.8, could allow attackers to gain unauthorized access to sensitive files and system resources.
“An ‘Escalation of Privilege’ security vulnerability was found in SecureAge Security Suite software that allowed file creation, modification and deletion in Microsoft Windows privileged file path location,” states the security advisory.
The vulnerability arises from the way SecureAge handles symbolic links in Windows. An attacker could exploit this flaw by crafting specific symbolic links that, when interacted with by SecureAge software, could grant access to restricted file system locations.
“A Windows logged-in user could exploit this vulnerability by creating specific symbolic links on the system, which can then lead to the creation, modification and deletion of files located in privileged file path locations when the SecureAge software was running,” the advisory explains.
This vulnerability affects SecureAge Security Suite versions 7.0.37, 7.1.10, 8.0.17, 8.1.17 and earlier. To remediate this vulnerability, SecureAge urges users to update their software to versions 7.0.38, 7.1.11, 8.0.18, 8.1.18 or later.
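For fleet triage, the version list above can be turned into a branch-aware check. The following is an added example, not code from SecureAge or the advisory: the hostnames and CSV inventory format are constructed, and the handling of branches the advisory does not name (before 7.0, after 8.1, or in between) is an assumption marked in the comments.

```python
import csv
import io
import re

# First fixed release on each branch, as listed in the advisory summary above.
FIXED = {(7, 0): 38, (7, 1): 11, (8, 0): 18, (8, 1): 18}


def classify(version_text):
    """Return 'affected', 'fixed' or 'review' for one installed version string."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\.\d+)*", version_text.strip())
    if not m:
        return "review"  # unparseable value: check the host by hand
    major, minor, patch = (int(p) for p in m.groups())
    branch = (major, minor)
    if branch in FIXED:
        # Compare numerically within the branch: as strings, "7.0.4" > "7.0.38",
        # and a single global threshold would flag a patched 7.1.11 as vulnerable.
        return "fixed" if patch >= FIXED[branch] else "affected"
    if branch < min(FIXED):
        return "affected"  # assumption: "and earlier" covers branches before 7.0
    if branch > max(FIXED):
        return "fixed"     # assumption: "or later" covers branches after 8.1
    return "review"        # branch between those named (e.g. 7.5): confirm with vendor


def triage(inventory_csv):
    """Map each host in a 'host,version' CSV export to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["version"]) for row in rows}


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = """host,version
ws-001,7.0.37
ws-002,7.0.4
ws-003,7.1.11
ws-004,8.0.18
ws-005,8.1.17
ws-006,6.2.9
ws-007,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```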
The vulnerability was discovered by security researchers from GovTech Cyber Security Group (CSG) and CSA Cyber Security Engineering Centre (CSEC) in Singapore. Their responsible disclosure allowed SecureAge to develop and release a patch before any malicious exploitation was reported.
Users of SecureAge Security Suite are strongly encouraged to apply the available updates to protect their systems and data from potential attacks.