Cyber Posture

CVE-2024-46622

Critical

Published: 06 January 2025

Modified: 15 April 2026
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0018 (38.6th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-46622 is a critical-severity Improper Preservation of Permissions (CWE-281) vulnerability in SecureAge (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, it ranks at the 38.6th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Requires timely flaw remediation through vendor patches (e.g., SecureAge versions 7.0.38+), directly eliminating the escalation of privilege vulnerability enabling arbitrary file operations.

prevent

Monitors and controls communications at boundaries to block unauthenticated network access to the vulnerable SecureAge service, preventing remote exploitation.

detect

Performs integrity verification on software and files to detect unauthorized creation, modification, or deletion resulting from successful exploitation.

NVD Description

An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbitrary file creation, modification and deletion.

Deeper analysis (AI)

CVE-2024-46622 is an Escalation of Privilege vulnerability (CWE-281) in SecureAge Security Suite software, affecting versions 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18. The flaw enables arbitrary file creation, modification, and deletion on affected systems. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical due to its network accessibility, low attack complexity, and lack of prerequisites like privileges or user interaction.

Remote attackers require no authentication or special privileges to exploit this vulnerability over the network. Successful exploitation allows privilege escalation, granting the ability to create, modify, or delete arbitrary files, which can lead to full system compromise through high-impact disruption of confidentiality, integrity, and availability.

Vendor advisories provide mitigation guidance, with patches available in SecureAge Security Suite versions 7.0.38, 7.1.11, 8.0.18, and 8.1.18. Additional details are documented on the SecureAge website at https://www.secureage.com/ and in their blog post at https://www.secureage.com/blog/resolved-escalation-of-privilege.

Details

CWE(s)

Affected Products

SecureAge (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2024-56973 (shared CWE-281)
CVE-2024-40672 (shared CWE-281)
CVE-2025-25871 (shared CWE-281)
CVE-2025-30456 (shared CWE-281)
CVE-2024-55507 (shared CWE-281)
CVE-2025-30449 (shared CWE-281)
CVE-2025-25711 (shared CWE-281)
CVE-2024-46310 (shared CWE-281)
CVE-2024-54818 (shared CWE-281)
CVE-2024-56192 (shared CWE-281)
