CVE-2024-37344
📋 TL;DR
This cross-site scripting vulnerability in Absolute Secure Access allows attackers with system administrator permissions to inject malicious scripts into the policy management UI. This can interfere with other administrators' use of the interface when editing the same policy object. Only administrators are affected, and there's no impact to confidentiality or availability.
💻 Affected Systems
- Absolute Secure Access
📦 What is this software?
Secure Access by Absolute
⚠️ Risk & Real-World Impact
Worst Case
A malicious administrator could inject scripts that disrupt policy management for other administrators, potentially causing operational issues or privilege escalation through social engineering.
Likely Case
Administrator accidentally or intentionally injects scripts that disrupt other administrators' policy editing sessions, causing confusion and operational delays.
If Mitigated
With proper administrator vetting and monitoring, impact is limited to minor UI disruptions during concurrent policy editing.
🎯 Exploit Status
Exploitation requires administrator credentials and concurrent policy editing sessions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 13.06
Vendor Advisory: https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1306/cve-2024-37344/
Restart Required: Yes
Instructions:
1. Download Absolute Secure Access version 13.06 from the vendor portal.
2. Back up the current configuration.
3. Apply the update following the vendor's installation procedures.
4. Restart the Secure Access service.
🔧 Temporary Workarounds
Limit concurrent policy editing
Implement a policy that only one administrator edits a given policy object at a time
Enhanced administrator monitoring
Implement strict monitoring and logging of administrator actions in the policy management UI
🧯 If You Can't Patch
- Implement strict administrator access controls and vetting procedures
- Enable detailed logging of all policy management UI interactions and review regularly
🔍 How to Verify
Check if Vulnerable:
Check the Secure Access version in the administration console. If the version is below 13.06, the system is vulnerable.
Check Version:
Check the version in the Absolute Secure Access administration interface under System Information.
Verify Fix Applied:
Verify version shows 13.06 or higher in administration console and test policy management UI functionality.
📡 Detection & Monitoring
Log Indicators:
- Unusual policy object modifications
- Multiple administrators editing same policy simultaneously
- JavaScript errors in policy management UI logs
Network Indicators:
- Unusual traffic patterns to policy management endpoints
SIEM Query:
source="secure_access" AND (event="policy_edit" OR event="admin_action") AND (user_count>1 OR script_detected=true)
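The two log indicators above (several administrators editing the same policy object close together, and script-like markup stored in a policy field) as a small detector over constructed audit lines. This is an added example, not Absolute's code; the key=value log format, field names and the 15-minute window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines in an assumed key=value format; this is not
# Absolute's real log schema, only a stand-in for the indicators listed above.
SAMPLE_LOG = """\
2024-06-10T09:00:05Z user=alice event=policy_edit policy=remote-default field=description value="Default remote access policy"
2024-06-10T09:04:10Z user=bob event=policy_edit policy=remote-default field=description value="Reworded description"
2024-06-10T09:30:00Z user=carol event=policy_edit policy=split-tunnel field=name value="Tunnel <script>document.title='x'</script>"
2024-06-10T11:00:00Z user=alice event=policy_edit policy=split-tunnel field=description value="Allow corp subnets only"
"""

LINE_RE = re.compile(r'^(\S+) user=(\S+) event=(\S+) policy=(\S+) field=(\S+) value="(.*)"$')
# Markup that has no business in a policy name or description.
SCRIPT_RE = re.compile(r'<\s*script|javascript:|\bon\w+\s*=', re.IGNORECASE)


def parse_log(text):
    """Turn raw lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, user, event, policy, field, value = m.groups()
            events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                           "user": user, "event": event, "policy": policy,
                           "field": field, "value": value})
    return events


def concurrent_edits(events, window_minutes=15):
    """Policies edited by two or more distinct admins within window_minutes of each other."""
    window = timedelta(minutes=window_minutes)
    by_policy = defaultdict(list)
    for e in events:
        if e["event"] == "policy_edit":
            by_policy[e["policy"]].append(e)
    hits = {}
    for policy, edits in by_policy.items():
        edits.sort(key=lambda e: e["ts"])
        for i, cur in enumerate(edits):
            for prev in edits[:i]:
                if cur["user"] != prev["user"] and cur["ts"] - prev["ts"] <= window:
                    hits.setdefault(policy, set()).update({prev["user"], cur["user"]})
    return hits


def script_like_values(events):
    """Edits whose stored value contains script-like markup, i.e. a possible injection attempt."""
    return [e for e in events if SCRIPT_RE.search(e["value"])]
```

On the sample above, remote-default is flagged for alice and bob (four minutes apart) while split-tunnel is not (90 minutes apart), and carol's edit is the only script-like value.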