{
    "componentChunkName": "component---src-templates-security-advisories-js",
    "path": "/security-advisories/okta-verify-windows-auto-update-arbitrary-code-execution-cve-2024-0980/",
    "result": {"data":{"contentfulSecurityAdvisories":{"id":"8e7cd998-c8a8-54bf-8ade-b5f9960f54de","title":"Okta Verify for Windows Auto-update Arbitrary Code Execution CVE-2024-0980 - Mar 26, 2024","url":"/security-advisories/okta-verify-windows-auto-update-arbitrary-code-execution-cve-2024-0980","datePosted":"2024-03-26T00:00","body":{"raw":"{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Description\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Affected product and versions\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Customers who currently have installed, or previously had installed, a version of Okta Verify for Windows prior to 4.10.7.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Note: Customers using Okta Verify on platforms other than Windows are \",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[{\"type\":\"italic\"},{\"type\":\"bold\"}],\"value\":\"not affected\",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[],\"value\":\".\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Resolution\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"The vulnerability is fixed in Okta Verify for Windows version 4.10.7. 
To remediate this vulnerability, upgrade to 4.10.7 or greater.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"CVE details\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"CVE ID\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"table-cell\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.cve.org/CVERecord?id=CVE-2024-0980\"},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"CVE-2024-0980\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"table-cell\"}],\"nodeType\":\"table-row\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Published Date\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"table-cell\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"2024-03-26\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"table-cell\"}],\"nodeType\":\"table-row\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Vulnerability Type\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"table-cell\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Improper Limitation of a Pathname to a Restricted Directory, Uncontrolled Search Path or 
Element\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"table-cell\"}],\"nodeType\":\"table-row\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"CWE\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"table-cell\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"CWE-22, CWE-427\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"table-cell\"}],\"nodeType\":\"table-row\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"CVSS v3\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"table-cell\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Score: 7.1\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Vector string: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"table-cell\"}],\"nodeType\":\"table-row\"}],\"nodeType\":\"table\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Acknowledgements\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Okta would like to thank Ryan Wincey of Securifera, Inc. 
for providing information in addressing this vulnerability.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"References\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://help.asqula.com/oie/en-us/content/topics/identity-engine/devices/ov-install-options-windows.htm\"},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Deploy Okta Verify to Windows devices\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"document\"}"},"shortDescription":{"shortDescription":"The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code."}}},"pageContext":{"matchPath":null,"language":"en","id":"8e7cd998-c8a8-54bf-8ade-b5f9960f54de","slug":"/security-advisories/okta-verify-windows-auto-update-arbitrary-code-execution-cve-2024-0980"}},
    "staticQueryHashes": ["2744905544"]}