In its new study, our Malware Lab identified CVE-2024-4944, a local privilege escalation (LPE) vulnerability in WatchGuard Mobile VPN with SSL, one of the most widely used VPN clients on Windows systems in enterprise environments.
This vulnerability allows a user with limited privileges to execute commands with Local System rights, completely compromising the endpoint and bypassing any active protection solutions.
The risk is particularly high for remote devices, often outside the corporate security perimeter, where detection capabilities are reduced and the impact of a compromise may extend to partners and customers.
Following responsible disclosure to the vendor, WatchGuard acknowledged the problem and released a patch in version 12.11.3 of the software. We therefore urge all affected users and organisations to upgrade as soon as possible.
This study highlights the importance of taking robust preventive measures: from code reviews for applications with elevated privileges, to secure IPC mechanisms, to continuous monitoring via EDR and log retention. Privilege escalation remains one of the most effective techniques for lateral movement and persistence within corporate environments.
If you wish to learn more, here is the link to our complete study.
In addition, you can subscribe to the dedicated mailing list Cyber Studios by Tinexta Defence to receive updates on upcoming research.


