CVE-2024-46465: n/a
By default, dedicated folders of CRYHOD for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of CRYHOD has to be modified to prevent this vulnerability.
AI Analysis
Technical Summary
CVE-2024-46465 is a vulnerability identified in CRYHOD for Windows versions up to 2024.3, involving improper access control on dedicated folders used by the application. By default, these folders are accessible by other users on the same system, which allows them to misuse technical files contained within to execute tasks with elevated privileges. This vulnerability is classified under CWE-276 (Incorrect Default Permissions) and results from the failure to properly restrict access rights to sensitive directories. The CVSS 3.1 base score is 7.8, indicating a high severity level. The vector string (AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H) shows that the attack requires local access (AV:L), has high attack complexity (AC:H), requires no privileges (PR:N), and no user interaction (UI:N). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact is high on confidentiality (C:H) and availability (A:H), but no impact on integrity (I:N). The vulnerability allows unauthorized users to access and misuse technical files, potentially leading to information disclosure and denial of service or disruption of service. No patches or known exploits are currently available, but the vulnerability can be mitigated by modifying CRYHOD’s configuration to restrict folder access permissions properly. This flaw is particularly critical in multi-user Windows environments where CRYHOD is installed, as it could allow local attackers to escalate privileges and compromise system confidentiality and availability.
Potential Impact
The vulnerability poses a significant risk to organizations using CRYHOD for Windows, especially in environments with multiple users sharing the same system. Unauthorized users can access dedicated folders containing technical files and misuse them to perform tasks with elevated privileges, leading to potential data breaches (confidentiality impact) and service disruptions (availability impact). This could result in exposure of sensitive information, disruption of critical processes, and potential lateral movement within networks if attackers gain elevated privileges. The high attack complexity and requirement for local access limit remote exploitation but do not eliminate risk in environments where insider threats or compromised user accounts exist. The scope change indicates that the vulnerability affects components beyond the immediate application, potentially impacting other system resources. Organizations relying on CRYHOD for sensitive operations or in regulated industries may face compliance and operational risks if this vulnerability is exploited.
Mitigation Recommendations
To mitigate CVE-2024-46465, organizations should immediately review and modify the access permissions of CRYHOD’s dedicated folders on Windows systems to ensure they are not accessible by unauthorized users. This involves configuring the file system ACLs (Access Control Lists) to restrict folder access strictly to the intended service accounts or administrators. Employ the principle of least privilege by granting only necessary permissions to users and services interacting with CRYHOD. Additionally, implement monitoring and auditing of access to these folders to detect any unauthorized attempts. If possible, isolate CRYHOD installations on dedicated machines or virtual environments to limit local user access. Regularly update CRYHOD configurations following vendor guidance once patches or updates become available. Educate system administrators about the risks of default folder permissions and enforce strict local user account management policies. Finally, consider deploying endpoint protection solutions capable of detecting suspicious local privilege escalation attempts related to file misuse.
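The ACL review recommended above can be scripted. The following PowerShell is an added example, not vendor or page-supplied tooling: it lists every allow rule that grants access to a broad local group on a folder tree and flags the rules that permit modification. The folder path is a placeholder, because the page does not name CRYHOD's dedicated folders; substitute the locations given in the vendor's guidance.

```powershell
# Added example: audit a folder tree for ACL grants to broad local groups.
# $Path is a PLACEHOLDER; the advisory does not name CRYHOD's dedicated folders.
param(
    [string]$Path = 'C:\PLACEHOLDER\CryhodDedicatedFolder'
)

# Well-known SIDs that include ordinary local users (SIDs avoid localized names).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that let a principal alter or replace folder content.
# 0x40000000 = GENERIC_WRITE, 0x10000000 = GENERIC_ALL (seen on inherit-only rules).
$Rights    = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($Rights'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership') -bor 0x40000000 -bor 0x10000000

function Get-BroadFolderGrant {
    param([Parameter(Mandatory)][string]$Folder)

    $acl   = Get-Acl -LiteralPath $Folder
    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $BroadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Folder    = $Folder
                Principal = $BroadSids[$sid]
                Rights    = $rule.FileSystemRights
                Writable  = (([int]$rule.FileSystemRights -band $WriteMask) -ne 0)
                Inherited = $rule.IsInherited   # inherited rules must be fixed on the parent
            }
        }
    }
}

# Check the folder itself and every subfolder beneath it.
$folders  = @($Path) + @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -Force -ErrorAction SilentlyContinue |
                         ForEach-Object { $_.FullName })
$findings = foreach ($f in $folders) { Get-BroadFolderGrant -Folder $f }

# Writable grants first: these are the ones that let other users tamper with files.
$findings | Sort-Object Writable -Descending | Format-Table -AutoSize
```

An empty result means none of the listed groups holds an allow rule on the tree; grants to individual unprivileged accounts are not covered by this check and still need a manual look.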
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, Canada, Australia, Netherlands, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-09-11T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6cfeb7ef31ef0b56ac7a
Added to database: 2/25/2026, 9:43:26 PM
Last enriched: 2/28/2026, 7:23:34 AM
Last updated: 4/12/2026, 5:06:21 PM