Cyber Resilience

CVE-2024-46622

Critical

Published: 06 January 2025

Published
06 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0024 47.2th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-46622 is a critical-severity Improper Preservation of Permissions (CWE-281) vulnerability in Secureage (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 47.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-46622 is an Escalation of Privilege vulnerability (CWE-281) in SecureAge Security Suite software, affecting versions 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18. The flaw enables arbitrary file creation, modification, and deletion on affected systems. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical due to its network accessibility, low attack complexity, and lack of prerequisites like privileges or user interaction.

Remote attackers require no authentication or special privileges to exploit this vulnerability over the network. Successful exploitation allows privilege escalation, granting the ability to create, modify, or delete arbitrary files, which can lead to full system compromise through high-impact disruption of confidentiality, integrity, and availability.

Vendor advisories provide mitigation guidance, with patches available in SecureAge Security Suite versions 7.0.38, 7.1.11, 8.0.18, and 8.1.18. Additional details are documented on the SecureAge website at https://www.secureage.com/ and in their blog post at https://www.secureage.com/blog/resolved-escalation-of-privilege.

EU & UK References

Vulnerability details

An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbitrary file creation, modification and deletion.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct EoP via unauthenticated remote arbitrary file operations maps to exploitation for privilege escalation and public-facing app exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-55507Shared CWE-281
CVE-2025-25871Shared CWE-281
CVE-2024-56192Shared CWE-281
CVE-2026-35385Shared CWE-281
CVE-2025-30456Shared CWE-281
CVE-2024-56973Shared CWE-281
CVE-2024-56191Shared CWE-281
CVE-2025-25711Shared CWE-281
CVE-2025-30449Shared CWE-281
CVE-2026-24194Shared CWE-281

Affected Assets

Secureage
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely flaw remediation through vendor patches (e.g., SecureAge versions 7.0.38+), directly eliminating the escalation of privilege vulnerability enabling arbitrary file operations.

prevent

Monitors and controls communications at boundaries to block unauthenticated network access to the vulnerable SecureAge service, preventing remote exploitation.

detect

Performs integrity verification on software and files to detect unauthorized creation, modification, or deletion resulting from successful exploitation.

References