CVE-2024-7562 - Vulnerability Details - OpenCVE

A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured. All supported versions (InstallShield 2023 R2, InstallShield 2022 R2 and InstallShield 2021 R2) are affected by this issue.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://community.revenera.com/s/article/cve-2024-7562-privilege-escalation-vulnerability-in-created-msi-packages

History

Tue, 17 Jun 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 12 Jun 2025 16:15:00 +0000

Type	Values Removed	Values Added
Description		A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured. All supported versions (InstallShield 2023 R2, InstallShield 2022 R2 and InstallShield 2021 R2) are affected by this issue.
Weaknesses		CWE-379
References		https://community.revenera.com/s/article/cve-2024-7562-privilege-escalation-vulnerability-in-created-msi-packages
Metrics		cvssV4_0 `{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2025-06-12T16:05:31.562Z

Updated: 2025-06-17T18:17:28.748Z

Reserved: 2024-08-06T14:57:11.091Z

Link: CVE-2024-7562

Vulnrichment

Updated: 2025-06-12T17:12:10.514Z

NVD

Status : Awaiting Analysis

Published: 2025-06-12T16:15:22.320

Modified: 2025-06-16T12:32:18.840

Link: CVE-2024-7562

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7562", "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "state": "PUBLISHED", "assignerShortName": "flexera", "dateReserved": "2024-08-06T14:57:11.091Z", "datePublished": "2025-06-12T16:05:31.562Z", "dateUpdated": "2025-06-17T18:17:28.748Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "InstallShield", "vendor": "Revenera", "versions": [{"status": "affected", "version": "2023 R2", "versionType": "custom"}, {"status": "affected", "version": "2022 R2", "versionType": "custom"}, {"status": "affected", "version": "2021 R2", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured.<br>"}], "value": "InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured."}], "credits": [{"lang": "en", "type": "finder", "value": "Sandro Poppi"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured. All supported versions (InstallShield 2023 R2, InstallShield 2022 R2 and InstallShield 2021 R2) are affected by this issue.</p><br>"}], "value": "A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured. All supported versions (InstallShield 2023 R2, InstallShield 2022 R2 and InstallShield 2021 R2) are affected by this issue."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 7.3, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-379", "description": "CWE-379", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera", "dateUpdated": "2025-06-12T16:05:31.562Z"}, "references": [{"url": "https://community.revenera.com/s/article/cve-2024-7562-privilege-escalation-vulnerability-in-created-msi-packages"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-12T17:12:01.279311Z", "id": "CVE-2024-7562", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T18:17:28.748Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7562", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-12T17:12:01.279311Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-12T17:12:10.514Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Sandro Poppi"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Revenera", "product": "InstallShield", "versions": [{"status": "affected", "version": "2023 R2", "versionType": "custom"}, {"status": "affected", "version": "2022 R2", "versionType": "custom"}, {"status": "affected", "version": "2021 R2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://community.revenera.com/s/article/cve-2024-7562-privilege-escalation-vulnerability-in-created-msi-packages"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured. All supported versions (InstallShield 2023 R2, InstallShield 2022 R2 and InstallShield 2021 R2) are affected by this issue.", "supportingMedia": [{"type": "text/html", "value": "<p>A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured. All supported versions (InstallShield 2023 R2, InstallShield 2022 R2 and InstallShield 2021 R2) are affected by this issue.</p><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-379", "description": "CWE-379"}]}], "configurations": [{"lang": "en", "value": "InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured.", "supportingMedia": [{"type": "text/html", "value": "InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured.<br>", "base64": false}]}], "providerMetadata": {"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera", "dateUpdated": "2025-06-12T16:05:31.562Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7562", "state": "PUBLISHED", "dateUpdated": "2025-06-17T18:17:28.748Z", "dateReserved": "2024-08-06T14:57:11.091Z", "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "datePublished": "2025-06-12T16:05:31.562Z", "assignerShortName": "flexera"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured. All supported versions (InstallShield 2023 R2, InstallShield 2022 R2 and InstallShield 2021 R2) are affected by this issue."}, {"lang": "es", "value": "Se ha reportado un posible problema de privilegios elevados en configuraciones MSI independientes de InstallShield con varias acciones personalizadas de InstallScript configuradas. Todas las versiones compatibles (InstallShield 2023 R2, InstallShield 2022 R2 e InstallShield 2021 R2) se ven afectadas por este problema."}], "id": "CVE-2024-7562", "lastModified": "2025-06-16T12:32:18.840", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "PSIRT-CNA@flexerasoftware.com", "type": "Secondary"}]}, "published": "2025-06-12T16:15:22.320", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://community.revenera.com/s/article/cve-2024-7562-privilege-escalation-vulnerability-in-created-msi-packages"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-379"}], "source": "PSIRT-CNA@flexerasoftware.com", "type": "Secondary"}]}