CVE-2024-23772

{"id": "CVE-2024-23772", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 1.8}]}, "published": "2024-04-30T14:15:14.977", "references": [{"url": "https://support.quest.com/kb/4375402/quest-response-to-kace-sma-agent-vulnerabilities-cve-2024-23772-cve-2024-23773-cve-2024-23774", "source": "cve@mitre.org"}, {"url": "https://www.quest.com/kace/", "source": "cve@mitre.org"}, {"url": "https://support.quest.com/kb/4375402/quest-response-to-kace-sma-agent-vulnerabilities-cve-2024-23772-cve-2024-23773-cve-2024-23774", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.quest.com/kace/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT Authority\\SYSTEM privileges."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Quest KACE Agent para Windows 12.0.38 y 13.1.23.0. Existe una vulnerabilidad de creaci\u00f3n de archivos arbitrarios en los componentes KSchedulerSvc.exe, KUserAlert.exe y Runkbot.exe. Esto permite a los atacantes locales crear cualquier archivo de su elecci\u00f3n con privilegios NT Authority\\SYSTEM."}], "lastModified": "2024-11-21T08:58:22.583", "sourceIdentifier": "cve@mitre.org"}