CVE-2024-9875

{"id": "CVE-2024-9875", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2024-9875", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2024-11-22T15:23:16.211195Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "psirt@okta.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "affected": [{"source": "psirt@okta.com", "affectedData": [{"vendor": "Okta", "product": "Okta Privileged Access Server Agent (SFTD)", "versions": [{"status": "affected", "version": "1.82.0", "lessThan": "1.84.0", "versionType": "semver"}], "defaultStatus": "unaffected"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "affectedData": [{"cpes": ["cpe:2.3:a:okta:privileged_access_server_agent_sftd:*:*:*:*:*:*:*:*"], "vendor": "okta", "product": "privileged_access_server_agent_sftd", "versions": [{"status": "affected", "version": "1.82.0", "lessThan": "1.84.0", "versionType": "semver"}], "defaultStatus": "unaffected"}]}], "published": "2024-11-21T09:54:49.903", "references": [{"url": "https://help.okta.com/asa/en-us/content/topics/releasenotes/advanced-server-access-release-notes.htm", "source": "psirt@okta.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "psirt@okta.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Okta Privileged Access server agent (SFTD) versions 1.82.0 to 1.84.0 are affected by a privilege escalation vulnerability when the sudo command bundles feature is enabled. To remediate this vulnerability, upgrade the Okta Privileged Access server agent (SFTD) to version 1.87.1 or greater."}, {"lang": "es", "value": "Las versiones 1.82.0 a 1.84.0 de Okta Privileged Access server agent (SFTD) se ven afectadas por una vulnerabilidad de escalada de privilegios cuando la funci\u00f3n de paquetes de comandos sudo est\u00e1 habilitada. Para solucionar esta vulnerabilidad, actualice el agente de servidor de acceso privilegiado de Okta (SFTD) a la versi\u00f3n 1.87.1 o posterior."}], "lastModified": "2026-06-17T08:25:25.387", "sourceIdentifier": "psirt@okta.com"}