CVE-2024-46465

By default, dedicated folders of CRYHOD for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of CRYHOD has to be modified to prevent this vulnerability.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.4 / Impact : 5.8

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.primx.eu/en/bulletins/security-bulletin-24932296/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:primx:cryhod:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

01 Oct 2025, 18:12

Type	Values Removed	Values Added
References	~~() https://www.primx.eu/en/bulletins/security-bulletin-24932296/ -~~	() https://www.primx.eu/en/bulletins/security-bulletin-24932296/ - Vendor Advisory
First Time		Microsoft Primx cryhod Primx Microsoft windows
CPE		cpe:2.3:a:primx:cryhod:::::::: cpe:2.3:o:microsoft:windows:-:::::::*

25 Nov 2024, 20:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CWE		CWE-276

18 Nov 2024, 17:11

Type	Values Removed	Values Added
Summary		(es) De forma predeterminada, otros usuarios pueden acceder a las carpetas dedicadas de CRYHOD para Windows hasta la versión 2024.3 para hacer un uso indebido de los archivos técnicos y obligarlos a realizar tareas con mayores privilegios. Es necesario modificar la configuración de CRYHOD para evitar esta vulnerabilidad.

15 Nov 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-15 18:15

Updated : 2025-10-01 18:12

NVD link : CVE-2024-46465

Mitre link : CVE-2024-46465

CVE.ORG link : CVE-2024-46465

JSON object : View

Products Affected

microsoft

windows

primx

cryhod

CWE

CWE-276

Incorrect Default Permissions

7.8 /10