CVE-2024-7061

MEDIUM

Okta Verify < 5.0.2 - Path Traversal

Title source: rule

Description

Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. The vulnerability is fixed in Okta Verify for Windows version 5.0.2. To remediate this vulnerability, upgrade to 5.0.2 or greater.

References (2)

[Not Applicable, Release Notes] https://help.okta.com/oie/en-us/content/topics/releasenotes/oie-ov-release-notes.htm#panel4

[Vendor Advisory] https://trust.okta.com/security-advisories/okta-verify-for-windows-privilege-escalation-cve-2024-7061/

Scores

CVSS v3 5.5

EPSS 0.0013

EPSS Percentile 32.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-22 CWE-427

Status published

Affected Products (1)

okta/verify < 5.0.2

Timeline

Published Aug 07, 2024

Tracked Since Feb 18, 2026