What is the CVSS score of CVE-2024-23301?

CVE-2024-23301 has a CVSS 3.1 base score of 5.5 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.1%.

Which versions of Enterprise Linux are affected by CVE-2024-23301?

CVE-2024-23301 presents moderate security risk, a incorrect default permissions vulnerability rated CVSS 5.5. Attackers could gain access beyond their authorized level.. A patch is available.

Is there a public PoC exploit available for CVE-2024-23301?

Yes, a public proof-of-concept exploit is available for CVE-2024-23301. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2024-23301?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Review and tighten file/resource permissions.

Enterprise Linux CVE-2024-23301

MEDIUM

Incorrect Default Permissions (CWE-276)

2024-01-12 cve@mitre.org

Privilege Escalation Enterprise Linux Fedora Relax And Recover Linux Enterprise

5.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:34 vuln.today

Patch released

Mar 28, 2026 - 19:34 nvd

Patch available

PoC Detected

Dec 10, 2025 - 17:15 vuln.today

Public exploit code

CVE Published

Jan 12, 2024 - 23:15 nvd

MEDIUM 5.5

DescriptionNVD

Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.

AnalysisAI

Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Incorrect Default Permissions (CWE-276), which allows attackers to access resources due to overly permissive default settings. Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. Affected products include: Relax-And-Recover, Suse Linux Enterprise, Redhat Enterprise Linux, Fedoraproject Fedora. Version information: through 2.7.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Set restrictive default permissions, follow principle of least privilege, review defaults during deployment.

CVE-2024-23301 vulnerability details – vuln.today

Back

Enterprise Linux CVE-2024-23301

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code