CVE-2024-13972
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-17
Last updated on: 2025-08-03
Assigner: Sophos Limited
Description
Description
A vulnerability related to registry permissions in the Intercept X for Windows updater prior to Core Agent version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sophos | intercept_x | 2024.3.2 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper registry permissions in the Intercept X for Windows updater before version 2024.3.2, which allows a local user to escalate their privileges to system level during a product upgrade.
How can this vulnerability impact me? :
An attacker with local access could exploit this vulnerability to gain system level privileges, potentially allowing them to fully control the affected system, compromise data, and bypass security controls.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70