Okta Verify for Windows Privilege Escalation CVE-2024-7061

Description

Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking.

Affected product and versions

Customers using Okta Verify for Windows before version 5.0.2.

Note: Customers using Okta Verify on platforms other than Windows are not affected.

Resolution

The vulnerability is fixed in Okta Verify for Windows version 5.0.2. To remediate this vulnerability, upgrade to 5.0.2 or greater.
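
The following check is an added example, not part of Okta's advisory or tooling: it reads the Windows uninstall registry keys and reports whether an installed Okta Verify is below the fixed version 5.0.2. It assumes the installer registers an uninstall entry whose DisplayName starts with "Okta Verify"; the function name Test-OktaVerifyVersion is hypothetical.

```powershell
# Added example: audit the local machine for Okta Verify builds below the fixed version.
# Assumption: the uninstall entry's DisplayName starts with "Okta Verify".
$FixedVersion = [version]'5.0.2'   # fixed version stated in the advisory

function Test-OktaVerifyVersion {
    param([string]$DisplayVersion, [version]$Fixed = $FixedVersion)
    $parsed = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) {
        return 'Unknown'           # missing or unparseable version: review manually
    }
    if ($parsed -lt $Fixed) { return 'Vulnerable' }
    return 'Fixed'                 # 5.0.2, 5.0.2.0 and later all compare as fixed
}

# Standard uninstall locations: 64-bit, 32-bit on 64-bit Windows, and per-user.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$findings = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Okta Verify*' } |
    ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            Status   = Test-OktaVerifyVersion -DisplayVersion $_.DisplayVersion
            Key      = $_.PSPath
        }
    }

if (-not $findings) {
    Write-Output 'No Okta Verify uninstall entry found on this machine.'
} else {
    $findings | Format-Table -AutoSize
    # A non-zero exit code lets a management tool flag the host for upgrade.
    if ($findings.Status -contains 'Vulnerable') { exit 1 }
}
```

A status of Unknown means the registered version string could not be parsed and the host should be checked by hand.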

CVE details

CVE ID: CVE-2024-7061

Published Date: 2024-08-07

Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory, Uncontrolled Search Path or Element

CWE: CWE-22, CWE-427

CVSS v3 Score: 5.5

CVSS v3 Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Acknowledgments

Okta would like to thank Ryan Wincey of Securifera, Inc. for discovering this vulnerability.

References

Okta Verify release notes for Identity Engine