A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges.
This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges.
History
Wed, 18 Sep 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Cisco meraki Systems Manager | |
CPEs | cpe:2.3:a:cisco:meraki_systems_manager:*:*:*:*:*:windows:*:* | |
Vendors & Products | Cisco meraki Systems Manager | |
Thu, 12 Sep 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Cisco; Cisco meraki Systems Manager Agent | |
CPEs | cpe:2.3:a:cisco:meraki_systems_manager_agent:*:*:*:*:*:*:*:* | |
Vendors & Products | Cisco; Cisco meraki Systems Manager Agent | |
Metrics | ssvc | |
Thu, 12 Sep 2024 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges. | |
Title | Cisco Meraki Systems Manager Agent for Windows Privilege Escalation Vulnerability | |
Weaknesses | CWE-427 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2024-09-12T19:37:52.614Z
Updated: 2024-09-12T19:55:15.962Z
Reserved: 2023-11-08T15:08:07.666Z
Link: CVE-2024-20430
Vulnrichment
Updated: 2024-09-12T19:55:09.627Z
NVD
Status: Analyzed
Published: 2024-09-12T20:15:04.407
Modified: 2024-09-18T18:56:05.510
Link: CVE-2024-20430
Redhat
No data.