CVE-2024-13206
Published: 09 January 2025
Summary
CVE-2024-13206 is a high-severity Incorrect Privilege Assignment (CWE-266) vulnerability. Its CVSS base score is 7.8 (High).
Operationally, ranked at the 14.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Mandates secure configuration settings including proper file permissions to directly prevent exploitation of incorrect default permissions on the reveinstall file.
Requires timely identification, reporting, and remediation of flaws like incorrect permissions, enabling manual correction as advised due to lack of vendor patch.
Enforces least privilege principle to counter improper privilege assignment (CWE-266) and limit low-privilege attacker impact on the vulnerable file.
NVD Description
A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. This affects an unknown part of the file /usr/local/reveantivirus/tmp/reveinstall. The manipulation leads to incorrect default permissions. It is possible to launch the attack on the local…
more
host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2024-13206 is a critical vulnerability in REVE Antivirus version 1.0.0.0 running on Linux systems, specifically affecting the file /usr/local/reveantivirus/tmp/reveinstall due to incorrect default permissions (CWE-276 and CWE-266). This flaw allows manipulation that results in improper privilege assignment, earning a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The issue was publicly disclosed on January 9, 2025.
A local attacker with low privileges (PR:L) can exploit this vulnerability directly on the host without user interaction, achieving high impacts on confidentiality, integrity, and availability. By leveraging the misconfigured permissions in the reveinstall file, an attacker could potentially escalate privileges, modify critical files, or execute arbitrary code within the antivirus component's context.
Advisories from VulDB and a GitHub disclosure by hawkteam404 detail the vulnerability but note no vendor response despite early contact; no patches or official mitigations are available. Security practitioners should verify and manually correct permissions on the affected file path, monitor for exploit attempts, and consider alternative antivirus solutions until REVE provides updates.
The exploit has been publicly released and may be actively used, increasing risk for deployments of this unpatched software.
Details
- CWE(s)