CVE-2024-6364
📋 TL;DR
This vulnerability in Absolute Persistence® allows attackers with physical device access and full network control to execute operating system commands on unactivated devices. It affects organizations using Absolute Persistence® versions before 2.8. The risk is highest when devices are physically accessible to malicious actors.
💻 Affected Systems
- Absolute Persistence®
📦 What is this software?
Persistence by Absolute
⚠️ Risk & Real-World Impact
Worst Case
Full device compromise allowing persistent backdoor installation, data theft, and lateral movement within the network.
Likely Case
Local privilege escalation leading to unauthorized access to sensitive device data and potential credential harvesting.
If Mitigated
Limited impact due to physical access requirements and network control prerequisites.
🎯 Exploit Status
Exploitation requires a skilled attacker with both physical device access and full hostile network control.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.8 and later
Vendor Advisory: https://www.absolute.com/platform/vulnerability-archive/cve-2024-6364
Restart Required: Yes
Instructions:
1. Contact Absolute Security or device manufacturer for upgrade instructions.
2. Download latest firmware version 2.8+.
3. Apply firmware update following manufacturer guidelines.
4. Restart device to complete installation.
🔧 Temporary Workarounds
Activate Absolute Persistence®
Activating the software removes the vulnerable unactivated state
Physical Security Controls
Implement strict physical access controls to prevent unauthorized device access
🧯 If You Can't Patch
- Ensure all Absolute Persistence® installations are properly activated
- Implement strict physical security controls and network segmentation for vulnerable devices
🔍 How to Verify
Check if Vulnerable:
Check Absolute Persistence® version and activation status. Vulnerable if version <2.8 AND not activated.
Check Version:
Check device firmware/software version through Absolute management console or device manufacturer tools
Verify Fix Applied:
Verify Absolute Persistence® version is 2.8 or higher and software is properly activated.
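The rule above (version below 2.8 AND not activated) applied to a fleet inventory export, as an added example that is not from Absolute or the original page. The CSV column names and sample rows are constructed assumptions. Versions are compared numerically, because a plain string comparison would rank 2.10 below 2.8.

```python
import csv
import io

FIXED = (2, 8)  # first fixed version per the advisory

# Constructed sample inventory export; column names are assumptions.
SAMPLE = """hostname,persistence_version,activated
lt-001,2.7,no
lt-002,2.7,yes
lt-003,2.10,no
lt-004,2.8,no
lt-005,,no
lt-006,2.3.1,unknown
"""

def parse_version(text):
    """Return the version as a tuple of ints, or None if empty or malformed."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except ValueError:
        return None

def classify(version_text, activated_text):
    """Vulnerable only if version < 2.8 AND the software is not activated."""
    version = parse_version(version_text)
    activated = {"yes": True, "no": False}.get(activated_text.strip().lower())
    if version is None:
        return "unknown"      # cannot decide without a version
    if version >= FIXED:
        return "ok"           # fixed release
    if activated is None:
        return "unknown"      # old version, activation state not recorded
    # Activation is only the temporary workaround; the device still needs 2.8+.
    return "mitigated" if activated else "vulnerable"

def triage(csv_text):
    """Map each hostname in the export to its status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["hostname"]: classify(r["persistence_version"], r["activated"])
            for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Devices reported as "unknown" need a manual check of version and activation state before they can be ruled out.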
📡 Detection & Monitoring
Log Indicators:
- Unauthorized physical access logs
- Unexpected firmware modification attempts
- Unusual network traffic from device during physical access events
Network Indicators:
- Suspicious outbound connections following physical access
- Unexpected command and control traffic
SIEM Query:
Search for: (event_type='physical_access' OR event_type='device_tampering') AND (software='Absolute Persistence' AND version<'2.8')