Platform: windows
Component: telerik-test-studio
Fixed in: v2023.3.1330
CVE-2024-0833 describes a privilege elevation vulnerability discovered in Telerik Test Studio. This flaw allows a lower-privileged user, within an environment where Telerik Test Studio is already installed, to manipulate the application's installer package to gain elevated privileges on the operating system. The vulnerability impacts versions 2011.0 through 2023.3.1330, and a fix is available in version 2023.3.1330.
The primary impact of CVE-2024-0833 is the potential for privilege escalation. An attacker who can exploit this vulnerability can bypass standard access controls and gain administrative or system-level privileges on the affected machine. This could allow them to install malware, steal sensitive data, modify system configurations, or perform other malicious actions. The vulnerability arises from how the application installer handles existing installations, allowing manipulation of the installation package. This is particularly concerning in environments where user accounts have limited privileges but access to Telerik Test Studio is granted.
CVE-2024-0833 was publicly disclosed on January 31, 2024. Currently, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. It is not currently listed on the CISA KEV catalog. Given the nature of privilege escalation vulnerabilities, it is reasonable to expect that attackers may attempt to develop exploits once the vulnerability becomes more widely known.
Organizations using Telerik Test Studio for automated testing, particularly those with shared development or testing environments, are at risk. Legacy installations of older Telerik Test Studio versions are especially vulnerable. Environments with relaxed user permission policies or inadequate access controls are also at increased risk.
Detection checks
• windows / supply-chain: is the application running? (Process objects expose the PID as Id, not ProcessId)
Get-Process -Name "TestStudio" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Id
• windows / supply-chain: scheduled tasks referencing Test Studio
Get-ScheduledTask | Where-Object {$_.TaskName -like "*TestStudio*"}
• windows / supply-chain: installed version recorded in the registry
reg query "HKLM\SOFTWARE\Telerik\TestStudio" /v Version
EPSS: 0.12% (31st percentile)
The primary mitigation for CVE-2024-0833 is to upgrade Telerik Test Studio to version 2023.3.1330 or later. If an immediate upgrade is not possible, consider restricting access to the installation package and monitoring for any unusual installation activity. While a direct workaround is not available, ensuring the principle of least privilege is enforced for user accounts can limit the potential impact. After upgrading, verify the installation integrity by checking the version number and reviewing system logs for any unexpected events.
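The version check above only prints the registry value; the following is an added example (not code from the advisory or from Telerik) that turns it into an affected/fixed decision. It assumes the registry path and value name quoted on this page, treats any build older than the fixed build 2023.3.1330 as affected (matching the "2023.3.1330 or later" guidance), and reports a missing key separately so an absent install is not misread as fixed.

```powershell
# Added example, not part of the advisory: classify the installed Telerik Test Studio
# build against the fixed build for CVE-2024-0833.
# Assumption: the advisory's registry location HKLM\SOFTWARE\Telerik\TestStudio, value "Version".
$FixedVersion = [version]'2023.3.1330'
$RegPath      = 'HKLM:\SOFTWARE\Telerik\TestStudio'

function Test-TestStudioVersion {
    param([Parameter(Mandatory)][string]$InstalledVersion)
    # [version] handles two-part strings such as "2011.0" as well as "2023.3.1330".
    try { $v = [version]$InstalledVersion } catch { return 'unparseable' }
    # Assumption: older than the fixed build => affected; fixed build or newer => fixed.
    if ($v -lt $FixedVersion) { return 'affected' } else { return 'fixed' }
}

$installed = (Get-ItemProperty -Path $RegPath -Name Version -ErrorAction SilentlyContinue).Version
if (-not $installed) {
    # Distinguish "not installed / key absent" from "patched" so triage does not skip the host.
    Write-Output 'Telerik Test Studio version not found under HKLM\SOFTWARE\Telerik\TestStudio.'
} else {
    $state = Test-TestStudioVersion -InstalledVersion $installed
    Write-Output "Telerik Test Studio $installed : $state (fixed build $FixedVersion)"
    if ($state -eq 'affected') {
        # Context for triage: is the vulnerable build currently running?
        $ids = Get-Process -Name 'TestStudio' -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Id
        if ($ids) { Write-Output "TestStudio is running, PID(s): $($ids -join ', ')" }
    }
}
```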
Update Telerik Test Studio to a version later than 2023.3.1330. This will fix the privilege elevation vulnerability in the installer.
CVE-2024-0833 is a privilege elevation vulnerability affecting Telerik Test Studio versions 2011.0–2023.3.1330, allowing a lower-privileged user to gain elevated privileges through installer manipulation.
You are affected if you are using Telerik Test Studio versions 2011.0 through 2023.3.1330. Upgrade to v2023.3.1330 to mitigate the risk.
Upgrade Telerik Test Studio to version 2023.3.1330 or later. Restrict user permissions to prevent installer manipulation as a temporary workaround.
As of now, there are no publicly known active exploits for CVE-2024-0833, but the vulnerability's nature suggests potential for exploitation.
Refer to the official Telerik security advisory for CVE-2024-0833 on the Telerik website (https://info.telerik.com/kb/security-advisories/CVE-2024-0833).