Cyber Resilience

CVE-2024-11497

Severity: High
Published: 14 January 2025
Modified: 15 April 2026
KEV Added: not currently listed
Patch: see vendor advisory under References
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0019 (40.9th percentile)
Risk Priority: 18 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-11497 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Vde (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS ranks at the 40.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-11497 is a privilege escalation vulnerability classified under CWE-732 (Incorrect Permission Assignment for Critical Resource), published on 2025-01-14 with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It enables an authenticated attacker to gain root access on the affected system. The specific software or component impacted is referenced in the VDE-CERT advisory VDE-2024-070.

An attacker with low-level authenticated privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low complexity and no user interaction required. Successful exploitation grants root-level access, resulting in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged security scope.

For mitigation details, patches, and additional guidance, refer to the advisory at https://cert.vde.com/en/advisories/VDE-2024-070.


Vulnerability details

An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access.

CWE(s)

CWE-732 Incorrect Permission Assignment for Critical Resource

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

CVE directly describes a remote authenticated privilege escalation to root via incorrect critical resource permissions (CWE-732), mapping cleanly to Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-27688 (shared CWE-732)
CVE-2026-2637 (shared CWE-732)
CVE-2025-21325 (shared CWE-732)
CVE-2026-25112 (shared CWE-732)
CVE-2026-24834 (shared CWE-732)
CVE-2025-12985 (shared CWE-732)
CVE-2024-55411 (shared CWE-732)
CVE-2025-21571 (shared CWE-732)
CVE-2026-41217 (shared CWE-732)
CVE-2026-22768 (shared CWE-732)

Affected Assets

Vde (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

SI-2 (Flaw Remediation), prevent
Requires timely flaw remediation, including vendor patches, to directly fix the privilege escalation vulnerability stemming from incorrect permission assignment.

CM-6 (Configuration Settings), prevent
Mandates secure configuration settings for system components so that critical resources carry correct permissions, directly countering CWE-732.

AC-6 (Least Privilege), prevent
Enforces least privilege to restrict low-privileged authenticated users and processes, limiting the potential for exploitation to gain root access.

References

VDE-CERT advisory VDE-2024-070: https://cert.vde.com/en/advisories/VDE-2024-070