CVE-2024-24964

Improper access control vulnerability exists in the resident process of SKYSEA Client View versions from Ver.11.220 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product's Windows client is installed.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/jp/JVN54451757/	Third Party Advisory
https://www.skyseaclientview.net/news/240307_01/	Vendor Advisory
https://jvn.jp/en/jp/JVN54451757/	Third Party Advisory
https://www.skyseaclientview.net/news/240307_01/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:skygroup:skysea_client_view:*:*:*:*:*:*:*:*

History

23 May 2025, 14:44

Type	Values Removed	Values Added
CPE		cpe:2.3:a:skygroup:skysea_client_view::::::::
CWE		NVD-CWE-Other
First Time		Skygroup Skygroup skysea Client View
References	~~() https://jvn.jp/en/jp/JVN54451757/ -~~	() https://jvn.jp/en/jp/JVN54451757/ - Third Party Advisory
References	~~() https://www.skyseaclientview.net/news/240307_01/ -~~	() https://www.skyseaclientview.net/news/240307_01/ - Vendor Advisory

Information

Published : 2024-03-12 08:15

Updated : 2025-05-23 14:44

NVD link : CVE-2024-24964

Mitre link : CVE-2024-24964

CVE.ORG link : CVE-2024-24964

JSON object : View

Products Affected

skygroup

skysea_client_view

CWE

NVD-CWE-Other

{"id": "CVE-2024-24964", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2024-03-12T08:15:45.327", "references": [{"url": "https://jvn.jp/en/jp/JVN54451757/", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://www.skyseaclientview.net/news/240307_01/", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/en/jp/JVN54451757/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.skyseaclientview.net/news/240307_01/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Improper access control vulnerability exists in the resident process of SKYSEA Client View versions from Ver.11.220 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product's Windows client is installed."}, {"lang": "es", "value": "Existe una vulnerabilidad de control de acceso inadecuado en el proceso residente de las versiones de SKYSEA Client View desde la versi\u00f3n 11.220 anterior a la versi\u00f3n 19.2. Si se explota esta vulnerabilidad, un usuario que pueda iniciar sesi\u00f3n en la PC donde est\u00e1 instalado el cliente Windows del producto puede ejecutar un proceso arbitrario con privilegios de SYSTEM."}], "lastModified": "2025-05-23T14:44:17.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:skygroup:skysea_client_view:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2B90F70-573B-45B2-82C9-6160287071CD", "versionEndIncluding": "19.101.01a", "versionStartIncluding": "11.220.05p"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}