CVE-2024-28133 – This vulnerability allows a local low-privilege... (How to Fix)

Q: What is the severity of CVE-2024-28133?

CVE-2024-28133 has a CVSS score of 7.8 (HIGH). This vulnerability allows a local low-privileged attacker to exploit an untrusted search path in a CHARX system utility to escalate privileges to root. It affects systems running vulnerable versions of CHARX software where local users have access to the utility. The attack requires local access to the system.

📋 TL;DR

This vulnerability allows a local low-privileged attacker to exploit an untrusted search path in a CHARX system utility to escalate privileges to root. It affects systems running vulnerable versions of CHARX software where local users have access to the utility. The attack requires local access to the system.

💻 Affected Systems

Products:

CHARX system utility

Versions: Specific versions not provided in CVE description; consult vendor advisory for details.

Operating Systems: Linux/Unix systems running CHARX utility

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in default configurations where the CHARX utility is installed and accessible to local users.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with root privileges, allowing attacker to install persistent malware, access all data, and pivot to other systems.

🟠

Likely Case

Local privilege escalation leading to unauthorized administrative access on affected systems.

🟢

If Mitigated

Limited impact if proper access controls restrict local user accounts and privilege separation is enforced.

🌐 Internet-Facing: LOW - Requires local access to the system, not directly exploitable over network.

🏢 Internal Only: HIGH - Local users or compromised accounts can exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local access and low privileges; search path vulnerabilities are typically straightforward to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://cert.vde.com/en/advisories/VDE-2024-019

Restart Required: Yes

Instructions:

1. Check vendor advisory for patched version. 2. Update CHARX utility to patched version. 3. Restart affected services or system as required.

🔧 Temporary Workarounds

Restrict CHARX utility permissions

linux

Remove execute permissions for non-privileged users on the vulnerable CHARX utility

chmod 750 /path/to/charx/utility

Implement strict PATH environment control

linux

Control the PATH environment variable for users to prevent untrusted directory inclusion

export PATH=/usr/bin:/bin:/usr/sbin:/sbin

🧯 If You Can't Patch

Implement strict access controls to limit local user accounts
Monitor for privilege escalation attempts and unusual root activity

🔍 How to Verify

Check if Vulnerable:

Check if CHARX utility is installed and accessible to low-privileged users: ls -la /path/to/charx/utility

Check Version:

/path/to/charx/utility --version or check package manager

Verify Fix Applied:

Verify CHARX utility version matches patched version from vendor advisory and permissions are restricted

📡 Detection & Monitoring

Log Indicators:

Unexpected privilege escalation events
CHARX utility execution by non-privileged users
Failed sudo/su attempts followed by successful root access

Network Indicators:

None - local exploitation only

SIEM Query:

source="auth.log" AND (event="privilege escalation" OR process="charx")

📊 Metadata

CVE ID: CVE-2024-28133

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-426

Published: May 14, 2024

Last Updated: January 23, 2025

🔗 References

https://cert.vde.com/en/advisories/VDE-2024-019 Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2024-019 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-28133, you might also want to check these: