CVE-2024-6364 is a vulnerability identified in Absolute Security's Absolute Persistence product, specifically in versions prior to 2.8 when the product is not activated. Absolute Persistence is a firmware-based security and device management solution often embedded in endpoint devices for persistent security controls. The vulnerability allows a skilled attacker who has both physical access to the device and full hostile network control to execute operating system commands on the affected device. This implies that the attacker must be able to interact directly with the device hardware and simultaneously control the network environment to exploit the flaw. The vulnerability is classified under CWE-284, which relates to improper access control, indicating that the product fails to adequately restrict command execution under certain conditions. The CVSS 4.0 base score is 6.9 (medium severity), reflecting that exploitation requires high attack complexity and privileges but results in high confidentiality and integrity impacts. The vulnerability does not require user interaction but does require physical presence and network control, limiting remote exploitation. No known exploits are reported in the wild yet. The recommended remediation is to update the device firmware to the latest version (2.8 or later) where the vulnerability is fixed. Since Absolute Persistence is embedded firmware, updating may require coordination with device manufacturers or Absolute Security support. This vulnerability highlights risks in endpoint firmware security, especially in scenarios where devices may be physically accessible to attackers, such as in shared or public environments or during device transit.

For European organizations, this vulnerability poses a significant risk primarily in environments where devices are physically accessible to potential attackers, such as corporate offices, public access points, or supply chains. Exploitation could lead to unauthorized OS command execution, potentially allowing attackers to manipulate system configurations, exfiltrate sensitive data, or disrupt device operations. The high impact on confidentiality and integrity could compromise sensitive corporate or personal data, leading to regulatory non-compliance under GDPR and other data protection laws. The requirement for physical access and hostile network control limits the threat to scenarios involving insider threats, targeted physical attacks, or sophisticated supply chain compromises. However, given the widespread use of Absolute Persistence in endpoint security solutions, organizations relying on this product must consider the risk of lateral movement or persistent footholds established by attackers exploiting this vulnerability. The lack of known exploits in the wild reduces immediate risk but does not eliminate the potential for future attacks, especially as firmware vulnerabilities tend to be attractive targets for advanced threat actors.

1. Immediate firmware upgrade: Coordinate with device manufacturers or Absolute Security to obtain and deploy the latest firmware version (2.8 or later) that patches this vulnerability. 2. Physical security enhancements: Strengthen physical access controls to devices, including secure storage, restricted access areas, and tamper-evident seals to reduce the risk of unauthorized physical access. 3. Network segmentation: Isolate critical devices and enforce strict network segmentation to limit the ability of an attacker to gain hostile network control simultaneously with physical access. 4. Endpoint monitoring: Implement advanced endpoint detection and response (EDR) solutions capable of detecting unusual OS command execution or firmware tampering attempts. 5. Supply chain security: Verify device integrity upon receipt and consider secure boot or hardware attestation mechanisms to detect unauthorized firmware modifications. 6. Incident response readiness: Develop and test incident response plans that include scenarios involving firmware compromise and physical device attacks. 7. User awareness: Educate staff about the risks of physical device exposure and encourage reporting of suspicious activity or device tampering.