CVE-2024-20430

{"id": "CVE-2024-20430", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}]}, "published": "2024-09-12T20:15:04.407", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-agent-dll-hj-Ptn7PtKe", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. \r\n\r\nThis vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges. "}, {"lang": "es", "value": "Una vulnerabilidad en Cisco Meraki Systems Manager (SM) Agent para Windows podr\u00eda permitir que un atacante local autenticado ejecute c\u00f3digo arbitrario con privilegios elevados. Esta vulnerabilidad se debe a un manejo incorrecto de las rutas de b\u00fasqueda de directorios en tiempo de ejecuci\u00f3n. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad colocando archivos de configuraci\u00f3n y archivos DLL maliciosos en un sistema afectado, que leer\u00eda y ejecutar\u00eda los archivos cuando Cisco Meraki SM se inicie. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante ejecute c\u00f3digo arbitrario en el sistema afectado con privilegios de SYSTEM."}], "lastModified": "2024-09-18T18:56:05.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:meraki_systems_manager:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "BDCEB39F-E02D-4A04-BA4A-5E43E532CF64", "versionEndExcluding": "4.2.0", "versionStartIncluding": "1.0.98"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}