CVE-2024-0311

MEDIUM

Skyhigh Client Proxy - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-0311. PoCs published by calligraf0.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2024-0311, demonstrating a local privilege escalation (LPE) via process injection. The exploit uses shellcode to inject a DLL into a target process, leveraging Windows API calls for memory allocation and remote thread creation.

Description

A malicious insider can bypass the existing policy of Skyhigh Client Proxy without a valid release code.

Exploits (1)

nomisec WORKING POC 9 stars

by calligraf0 · poc

https://github.com/calligraf0/CVE-2024-0311

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2024-0311, demonstrating a local privilege escalation (LPE) via process injection. The exploit uses shellcode to inject a DLL into a target process, leveraging Windows API calls for memory allocation and remote thread creation.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows (specific version not specified)

Auth required

Prerequisites: Local access to the target system · Process ID of the target process

MITRE ATT&CK

T1055 - Process Injection T1036 - Masquerading

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Various Sources

https://kcm.trellix.com/corporate/index?page=content&id=SB10418

Scores

CVSS v3 5.5

EPSS 0.0042

EPSS Percentile 33.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-622

Status published

Products (1)

Skyhigh/Skyhigh Client Proxy 4.8.1

Published Mar 14, 2024

Tracked Since Feb 18, 2026