CVE-2024-6364

EPSS 0.03%
Published 13.05.2025 17:00:07
Last modified 15.07.2025 16:24:00
Source SecurityResponse@netmotionsoft
Teams watchlist Login
Open Login

A vulnerability in Absolute Persistence® versions before 2.8 exists when it is not activated. This may allow a skilled attacker with both physical access to the device, and full hostile network control, to initiate OS commands on the device.  To remediate this vulnerability, update the device firmware to the latest available version. Please contact the device manufacturer for upgrade instructions or contact Absolute Security, see reference below.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Absolute ≫ Persistence Version < 2.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.085

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.4	0.5	5.9	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
SecurityResponse@netmotionsoftware.com	6.9	0	0	CVSS:4.0/AV:P/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://www.absolute.com/platform/vulnerability-archive/cve-2024-6364

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-6364

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6364

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6364

EUVD