
CVE-2024-40595: n/a

Severity: Medium
Type: Vulnerability
Published: Thu Oct 24 2024 (10/24/2024, 00:00:00 UTC)
Source: CVE Database V5

Description

An authentication-bypass issue in the RDP component of One Identity Safeguard for Privileged Sessions (SPS) On Premise before 7.5.1 (and LTS before 7.0.5.1) allows man-in-the-middle attackers to obtain access to privileged sessions on target resources by intercepting cleartext RDP protocol information.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/26/2026, 06:51:01 UTC

Technical Analysis

CVE-2024-40595 identifies a medium-severity authentication bypass vulnerability in the Remote Desktop Protocol (RDP) component of One Identity Safeguard for Privileged Sessions (SPS) On Premise, specifically in versions prior to 7.5.1 and LTS versions before 7.0.5.1. The vulnerability allows a man-in-the-middle (MitM) attacker to intercept cleartext RDP protocol information, bypassing authentication mechanisms and gaining unauthorized access to privileged sessions on target systems. This issue is rooted in the improper protection of RDP authentication data, leading to exposure of sensitive session credentials or tokens during transmission. The vulnerability is classified under CWE-319, indicating that sensitive information is transmitted in cleartext, facilitating interception and exploitation. The CVSS 3.1 base score is 5.3, reflecting medium severity, with an adjacent-network attack vector (AV:A), high attack complexity (AC:H), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and high confidentiality impact (C:H) but no impact on integrity or availability. No public exploits have been reported yet, but the risk remains significant due to the privileged nature of the sessions involved. The affected product is widely used in enterprise environments to secure privileged access, making this vulnerability a critical concern for organizations managing sensitive administrative operations. The vulnerability underscores the importance of securing RDP communications and ensuring robust authentication mechanisms in privileged session management solutions.

Potential Impact

The primary impact of CVE-2024-40595 is unauthorized access to privileged sessions managed by One Identity Safeguard for Privileged Sessions. Successful exploitation allows attackers to bypass authentication by intercepting cleartext RDP data, potentially leading to exposure of sensitive administrative credentials and session information. This can result in unauthorized administrative actions, data exposure, and lateral movement within enterprise networks. The confidentiality of privileged sessions is severely compromised, although integrity and availability are not directly affected. Organizations relying on One Identity SPS for privileged access management face increased risk of insider threats and external attackers gaining elevated access. The medium CVSS score reflects the requirement for network proximity and high attack complexity, limiting widespread exploitation but still posing a significant threat to targeted environments. The absence of known exploits in the wild suggests limited current exploitation but does not preclude future attacks. Overall, the vulnerability threatens the security of critical infrastructure and sensitive enterprise systems where privileged session management is essential.

Mitigation Recommendations

To mitigate CVE-2024-40595, organizations should prioritize upgrading One Identity Safeguard for Privileged Sessions to version 7.5.1 or later, or LTS version 7.0.5.1 or later, once patches are released. Until patches are available, network segmentation should be enforced to restrict access to the SPS RDP component, limiting exposure to trusted networks only. Deploy strong network-level encryption such as VPNs or IPsec tunnels to protect RDP traffic from interception. Implement strict monitoring and anomaly detection on privileged session activities to identify potential unauthorized access attempts. Employ multi-factor authentication (MFA) for administrative access where possible to add an additional layer of security. Regularly audit and review privileged session logs for suspicious behavior. Additionally, consider disabling or restricting RDP access if not essential, or replacing it with more secure remote access technologies. Engage with One Identity support for guidance and early access to patches or workarounds. Finally, educate security teams about the risks of cleartext transmission vulnerabilities and the importance of securing privileged session management tools.


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2024-07-06T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 699f6cafb7ef31ef0b568070

Added to database: 2/25/2026, 9:42:07 PM

Last enriched: 2/26/2026, 6:51:01 AM

Last updated: 4/12/2026, 3:35:03 PM
