Skip to main content

CVE-2024-47550: Escalation of Privilege in Endurance Gaming Mode software installers

Medium
VulnerabilityCVE-2024-47550cvecve-2024-47550
Published: Tue May 13 2025 (05/13/2025, 21:03:18 UTC)
Source: CVE
Vendor/Project: n/a
Product: Endurance Gaming Mode software installers

Description

Incorrect default permissions for some Endurance Gaming Mode software installers may allow an authenticated user to potentially enable escalation of privilege via local access.

AI-Powered Analysis

AILast updated: 07/06/2025, 14:10:25 UTC

Technical Analysis

CVE-2024-47550 is a medium-severity vulnerability affecting the Endurance Gaming Mode software installers. The core issue arises from incorrect default permissions set on certain installer components, which may allow an authenticated user with local access to escalate their privileges on the affected system. Specifically, the vulnerability requires that the attacker already have some level of authenticated access (low privileges) and involves local interaction with the system. Due to the improper permission settings, the attacker could potentially modify or replace installer files or related components, thereby gaining higher privileges than originally granted. The vulnerability does not require network access and is not exploitable remotely, as indicated by the CVSS vector (AV:L). The attack complexity is high, meaning exploitation requires specific conditions or expertise, and user interaction is needed. The vulnerability impacts confidentiality, integrity, and availability at a high level once exploited, as it allows privilege escalation. However, the scope is limited to local systems where the Endurance Gaming Mode software is installed, and no known exploits are currently in the wild. The CVSS 4.0 score of 5.4 reflects a medium severity level, balancing the potential impact with the difficulty and prerequisites for exploitation.

Potential Impact

For European organizations, the primary impact of CVE-2024-47550 lies in the potential for unauthorized privilege escalation on endpoints running the Endurance Gaming Mode software. This could lead to unauthorized access to sensitive data, modification of system configurations, or installation of persistent malware. Organizations with gaming or performance optimization software deployed on employee or public-facing systems may face increased risk. The vulnerability could be leveraged by insider threats or attackers who have gained initial low-level access to escalate privileges and move laterally within networks. This is particularly concerning for sectors with strict data protection requirements under GDPR, as privilege escalation could facilitate data breaches or unauthorized data manipulation. However, the requirement for local access and user interaction limits the risk of widespread remote exploitation. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the need for vigilance.

Mitigation Recommendations

To mitigate CVE-2024-47550, European organizations should: 1) Audit and review permissions on Endurance Gaming Mode software installers and related files to ensure they follow the principle of least privilege, restricting write and modify permissions to trusted administrators only. 2) Apply any available patches or updates from the software vendor as soon as they are released; if no patches are currently available, consider temporarily disabling or uninstalling the affected software on critical systems. 3) Implement strict local access controls and endpoint security measures to limit authenticated user privileges, especially on systems where this software is installed. 4) Monitor for unusual local privilege escalation attempts or modifications to installer files using endpoint detection and response (EDR) tools. 5) Educate users about the risks of interacting with installer files and the importance of reporting suspicious activity. 6) Employ application whitelisting and integrity verification mechanisms to detect unauthorized changes to software installers.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
intel
Date Reserved
2024-09-26T03:00:15.623Z
Cisa Enriched
true
Cvss Version
4.0
State
PUBLISHED

Threat ID: 682cd0fb1484d88663aec8ed

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 2:10:25 PM

Last updated: 8/14/2025, 7:34:51 AM

Views: 16

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats