CVE-2024-6364

MEDIUM

Absolute Persistence <2.8 - Privilege Escalation

Title source: llm

Description

A vulnerability in Absolute Persistence® versions before 2.8 exists when it is not activated. This may allow a skilled attacker with both physical access to the device, and full hostile network control, to initiate OS commands on the device. To remediate this vulnerability, update the device firmware to the latest available version. Please contact the device manufacturer for upgrade instructions or contact Absolute Security, see reference below.

References (1)

Core 1

Core References

Vendor Advisory

https://www.absolute.com/platform/vulnerability-archive/cve-2024-6364

Scores

CVSS v3 6.4

EPSS 0.0015

EPSS Percentile 4.6%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-284

Status published

Products (1)

absolute/persistence < 2.8

Published May 13, 2025

Tracked Since Feb 18, 2026