CVE-2024-11969

The NetCloud Exchange client for Windows, version 1.110.50, contains an insecure file and folder permissions vulnerability. A normal (non-admin) user could exploit the weakness in file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control permissions exist on the ‘Everyone’ group (i.e. any user who has local access to the operating system regardless of their privileges).

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-default-permissions-cradlepoint-netcloud-exchange

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) El cliente NetCloud Exchange para Windows, versión 1.110.50, contiene una vulnerabilidad de permisos de archivos y carpetas no seguros. Un usuario normal (no administrador) podría explotar la debilidad en los permisos de archivos y carpetas para aumentar los privilegios, ejecutar código arbitrario y mantener la persistencia en la máquina comprometida. Se ha identificado que existen permisos de control total en el grupo "Todos" (es decir, cualquier usuario que tenga acceso local al sistema operativo independientemente de sus privilegios).

28 Nov 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-28 16:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-11969

Mitre link : CVE-2024-11969

CVE.ORG link : CVE-2024-11969

JSON object : View

Products Affected

No product.

CWE

CWE-276

Incorrect Default Permissions

8.8 /10