CVSS: 8.8EPSS: 0%CPEs: 76EXPL: 0CVE-2024-20398 – Cisco IOS XR Software Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-20398
A successful exploit could allow the attacker to elevate privileges to root. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-CrG5vhCq • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-8441
https://notcve.org/view.php?id=CVE-2024-8441
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM. • https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-44107
https://notcve.org/view.php?id=CVE-2024-44107
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-44106
https://notcve.org/view.php?id=CVE-2024-44106
Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-44104
https://notcve.org/view.php?id=CVE-2024-44104
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-290: Authentication Bypass by Spoofing •