CVE-2024-38456

7.8 HIGH

📋 TL;DR

This vulnerability allows non-admin users to exploit weak file and folder permissions in Vivavis HIGH-LEIT software to escalate privileges and execute arbitrary code as SYSTEM. It affects Windows installations of HIGH-LEIT versions V05.08.01.03 and V04.25.00.00 through 4.25.01.01. Attackers with local access can gain full system control.

💻 Affected Systems

Products:
  • Vivavis HIGH-LEIT
Versions: V05.08.01.03 and V04.25.00.00 through 4.25.01.01
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows installations. The vulnerability is in the prunsrv.exe service wrapper component.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with SYSTEM-level code execution, enabling persistence, data theft, and lateral movement across the network.

🟠 Likely Case: Local privilege escalation leading to full administrative control of the affected system, potentially compromising SCADA/industrial control operations.

🟢 If Mitigated: Limited impact if proper access controls and monitoring are in place, though the vulnerability still exists.

🌐 Internet-Facing: LOW (requires local access to exploit)
🏢 Internal Only: HIGH (any authenticated user on the system can exploit this to gain SYSTEM privileges)

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local user access but is straightforward once access is obtained. Technical details and proof-of-concept are publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V05.08.01.04 and V04.25.01.02

Vendor Advisory: https://www.vivavis.com/en/vivavis-high-leit-rce-vulnerability-cve-2024-38456/

Restart Required: Yes

Instructions:

  1. Download updated versions from Vivavis support portal.
  2. Backup current configuration.
  3. Install the patched version.
  4. Restart the system to apply changes.

🔧 Temporary Workarounds

Restrict file permissions

windows

Manually adjust permissions on HIGH-LEIT installation folders to prevent non-admin users from modifying files.

icacls "C:\Program Files\Vivavis\HIGH-LEIT" /inheritance:r /grant:r "Administrators:(OI)(CI)F" /grant:r "SYSTEM:(OI)(CI)F" /deny "Users:(OI)(CI)(W)"

Remove non-admin access

windows

Ensure only administrators have interactive or remote access to systems running HIGH-LEIT.

🧯 If You Can't Patch

  • Implement strict access controls to prevent non-admin users from logging into affected systems
  • Monitor for suspicious file permission changes or unauthorized access attempts to HIGH-LEIT directories

🔍 How to Verify

Check if Vulnerable:

Check the installed version of HIGH-LEIT and verify if it's within the affected range. Also check permissions on the installation directory.

Check Version:

Check the version in the HIGH-LEIT application interface or examine the installation directory properties.

Verify Fix Applied:

Verify the version is updated to V05.08.01.04 or V04.25.01.02, and confirm file permissions are properly restricted.
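
One way to carry out the permission check described above, as an added PowerShell example (not code from this page or from the vendor): it walks the installation tree and reports every Allow entry that lets a principal other than SYSTEM, Administrators or TrustedInstaller modify files. The default path is taken from the workaround command on this page and is an assumption about where HIGH-LEIT is installed; the variable names are illustrative.

```powershell
# Added example: report ACEs that let non-admin principals modify files
# under the HIGH-LEIT installation tree (including prunsrv.exe).
param(
    # Assumed location, copied from the icacls workaround; adjust as needed.
    [string]$InstallDir = 'C:\Program Files\Vivavis\HIGH-LEIT'
)

# Principals expected to hold write access, listed by SID so the check
# also works on localized Windows where group names differ.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER (placeholder, applies only to objects a principal created)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow replacing or planting files, or rewriting the ACL itself.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only ACEs can surface as raw generic bits: GENERIC_WRITE, GENERIC_ALL.
$mask = $writeMask -bor 0x40000000 -bor 0x10000000

$items = @(Get-Item -LiteralPath $InstallDir -Force) +
         @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value  # unresolvable account: report it as-is
        }
        if ($trustedSids -contains $sid) { continue }
        [pscustomobject]@{
            Path      = $item.FullName
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) {
    $findings | Sort-Object Path, Principal | Format-Table -AutoSize -Wrap
    Write-Warning "$(@($findings).Count) ACE(s) grant write access to non-admin principals."
} else {
    Write-Output "No non-admin write access found under $InstallDir."
}
```

Run it from an elevated PowerShell session so that every ACL in the tree can be read.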

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing privilege escalation attempts
  • File permission changes to HIGH-LEIT directories
  • Unauthorized process execution as SYSTEM

Network Indicators:

  • Unusual network connections originating from the HIGH-LEIT system
  • Lateral movement attempts from the compromised host

SIEM Query:

EventID=4688 AND NewProcessName LIKE '%prunsrv.exe%' AND SubjectUserName NOT IN ('SYSTEM', 'Administrator')
