CVE-2024-31202

7.8 HIGH

📋 TL;DR

This vulnerability allows a local attacker to escalate privileges by exploiting incorrect permissions in the ThermoscanIP installation folder. Attackers can modify critical files to gain higher system privileges. Only systems with ThermoscanIP installed are affected.

💻 Affected Systems

Products:
  • ThermoscanIP
Versions: All versions prior to patched version
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires ThermoscanIP installation with default permissions on the installation folder.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with administrative/root privileges, allowing complete control over the affected system.

🟠 Likely Case

Local privilege escalation to SYSTEM/root level, enabling installation of malware, data theft, or persistence mechanisms.

🟢 If Mitigated

Limited impact if proper access controls and least privilege principles are enforced on the installation folder.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local access to the system.
🏢 Internal Only: HIGH - Malicious insiders or compromised user accounts can exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and knowledge of the vulnerable folder location. No authentication bypass needed beyond initial local access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31202

Restart Required: Yes

Instructions:

1. Visit the vendor advisory URL
2. Download the latest patched version of ThermoscanIP
3. Uninstall the vulnerable version
4. Install the patched version
5. Restart the system

🔧 Temporary Workarounds

Restrict installation folder permissions

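Platform: Windows

Modify permissions on the ThermoscanIP installation folder to prevent unauthorized write access. The command below removes inherited permissions (/inheritance:r), grants full control to SYSTEM and Administrators, and adds an explicit deny for write access to the Users group. Explicit entries already present for other principals are not removed by this command, so review the resulting ACL after applying it: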

icacls "C:\Program Files\ThermoscanIP" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" /deny "Users:(OI)(CI)(W)"

🧯 If You Can't Patch

  • Remove ThermoscanIP from critical systems
  • Implement strict access controls and monitoring on the installation folder

🔍 How to Verify

Check if Vulnerable:

Check if ThermoscanIP is installed and verify folder permissions allow write access to non-administrative users

Check Version:

Check ThermoscanIP about dialog or installation directory for version information

Verify Fix Applied:

Verify ThermoscanIP version is updated to patched version and installation folder has proper restrictive permissions

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized file modifications in ThermoscanIP installation folder
  • Privilege escalation attempts
  • Suspicious process creation from ThermoscanIP directory

Network Indicators:

  • None - this is a local privilege escalation

SIEM Query:

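EventID=4663 AND ObjectName LIKE '%ThermoscanIP%' AND Accesses LIKE '%WRITE%'

Event ID 4663 is recorded only when the Audit File System policy is enabled and an auditing entry (SACL) is set on the ThermoscanIP installation folder.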
