CVE-2024-11468
Published: 04 February 2025
Summary
CVE-2024-11468 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Omnissa Horizon Client (inferred from references). Its CVSS base score is 7.8 (High).
Operationally, it ranks at the 24.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Timely flaw remediation (SI-2), i.e. applying Omnissa's patches, directly removes the installation-process flaw that enables local privilege escalation to root.
- Least privilege enforcement (AC-6) keeps user accounts and processes from holding permissions beyond what they need, reducing the chance that a local user can exploit the LPE during Horizon Client installation.
- Restricting user-installed software prevents local users from initiating the vulnerable installation process that leads to privilege escalation.
NVD Description
Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed.
Deeper analysis
Omnissa Horizon Client for macOS is affected by CVE-2024-11468, a local privilege escalation vulnerability arising from a flaw in the installation process. This issue, tracked under CWE-276, carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H) and was published on 2025-02-04.
Local attackers with user-level privileges on the affected macOS system can exploit this vulnerability to escalate to root privileges. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially granting full system control where the Horizon Client is installed.
Mitigation guidance and patches are detailed in Omnissa security advisory OMSA-2024-0002, available at https://static.omnissa.com/sites/default/files/OMSA-2024-0002.pdf, along with additional information on the Omnissa security response page at https://www.omnissa.com/omnissa-security-response/.
Details
- CWE(s)