Cyber Resilience

CVE-2024-46464

High

Published: 09 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H)
EPSS Score: 0.0013 (32.3rd percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-46464 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Primx (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 32.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2024-46464 affects PRIMX ZED Enterprise versions up to 2024.3. The vulnerability stems from technical files stored in local folders that have common user access, which allows these files to be manipulated. The issue is classified under CWE-276 (Incorrect Default Permissions) and carries a CVSS v3.1 base score of 7.8 (High). The vector, AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H, indicates that local access is required, attack complexity is high, no privileges or user interaction are needed, the scope is changed, confidentiality and availability impacts are high, and there is no integrity impact.

A local attacker can exploit this vulnerability by manipulating the accessible technical files, potentially rendering the host computer unavailable (denial of service) or executing arbitrary programs with elevated privileges. The attack requires no prior privileges (PR:N), so it is open to unprivileged local users who can access the shared folders, but it demands high attack complexity (AC:H).

For mitigation details, refer to the vendor's security bulletin at https://www.primx.eu/en/bulletins/security-bulletin-24931935/.

Vulnerability details

In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an elevation of privilege.

CWE(s)

CWE-276 (Incorrect Default Permissions)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Weak default file permissions (CWE-276) on local technical files directly enable local unprivileged attackers to manipulate them for arbitrary code execution with elevated privileges, matching Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21532 (shared CWE-276)
CVE-2025-24176 (shared CWE-276)
CVE-2025-1789 (shared CWE-276)
CVE-2024-43769 (shared CWE-276)
CVE-2025-0543 (shared CWE-276)
CVE-2025-7024 (shared CWE-276)
CVE-2025-24267 (shared CWE-276)
CVE-2026-25203 (shared CWE-276)
CVE-2024-49737 (shared CWE-276)
CVE-2024-34730 (shared CWE-276)

Affected Assets

Primx
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Enforces least privilege to restrict unprivileged local users from accessing or manipulating technical files in shared folders, preventing DoS or privilege escalation.

prevent

Implements access enforcement mechanisms like file ACLs to block unauthorized modifications to technical files with common user access, directly countering CWE-276.

prevent

Requires secure baseline configuration settings for file and folder permissions in PRIMX ZED Enterprise, mitigating overly permissive defaults exploited for host unavailability or elevated execution.

References