CVE-2024-45164 identifies an authorization bypass vulnerability in Akamai Secure Internet Access Enterprise (SIA) ThreatAvert and Apps Portal components prior to versions 19.2.0 and 19.2.0.3/19.2.0.20240814. The flaw stems from improper enforcement of authorization controls on the admin functionality of the ThreatAvert Policy page. Specifically, an authenticated user with limited privileges can circumvent intended access restrictions by directly navigating to the URI /#app/intelligence/threatAvertPolicies. This unauthorized access enables the user to disable policy enforcement, effectively undermining the security posture enforced by ThreatAvert. The vulnerability is classified under CWE-732 (Incorrect Permission Assignment for Critical Resource). The CVSS v3.1 base score is 4.3 (medium), reflecting that the attack vector is network-based, requires low attack complexity, and privileges but no user interaction. The impact is limited to integrity, as confidentiality and availability remain unaffected. No known exploits have been reported, but the vulnerability poses a risk of internal misuse or privilege escalation within organizations using affected versions. The issue is resolved in Akamai SIA versions 19.2.0 and Apps Portal 19.2.0.3 or 19.2.0.20240814 and later.

The primary impact of CVE-2024-45164 is the potential degradation of security policy integrity within organizations using Akamai SIA ThreatAvert. By allowing an authenticated user with limited privileges to disable policy enforcement, attackers or malicious insiders can bypass critical threat detection and mitigation controls. This can lead to increased exposure to threats that would otherwise be blocked or mitigated by ThreatAvert policies. Although confidentiality and availability are not directly affected, the weakening of security controls increases the risk of subsequent attacks or data breaches. Organizations relying heavily on Akamai SIA for threat enforcement, especially those with multiple users having authenticated access, face a risk of internal policy tampering. This could undermine compliance requirements and increase the likelihood of successful cyberattacks. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially in environments with less stringent internal access controls.

To mitigate CVE-2024-45164, organizations should promptly upgrade Akamai SIA ThreatAvert to version 19.2.0 or later and Apps Portal to version 19.2.0.3 or 19.2.0.20240814 or later, where the authorization controls have been corrected. Until patches are applied, restrict authenticated user access to the ThreatAvert Policy page by implementing strict role-based access controls (RBAC) and monitoring for unauthorized access attempts to the /#app/intelligence/threatAvertPolicies URI. Employ network segmentation and least privilege principles to limit the number of users with authenticated access to the management interfaces. Additionally, enable detailed logging and alerting on policy changes to detect any unauthorized disabling of policy enforcement. Conduct regular audits of user permissions and review access logs for suspicious activity. If patching is delayed, consider temporary compensating controls such as web application firewalls (WAF) rules to block direct access to the vulnerable URI for non-admin users. Finally, educate administrators and users about the risk and encourage vigilance against internal misuse.