CVE-2024-13972 | THREATINT

Description

A vulnerability related to registry permissions in the Intercept X for Windows updater prior to Core Agent version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade.

PUBLISHED Reserved 2025-07-10 | Published 2025-07-17 | Updated 2025-08-03 | Assigner Sophos

HIGH: 8.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-276 Incorrect Default Permissions

Product status

Default status

unaffected

Any version before 2024.3.2

affected

Credits

Filip Dragovic of MDSec (https://www.mdsec.co.uk/) finder

References

www.sophos.com/...rity-advisories/sophos-sa-20250717-cix-lpe

cve.org (CVE-2024-13972)

nvd.nist.gov (CVE-2024-13972)

Download JSON