CVE-2024-23773

{"id": "CVE-2024-23773", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-04-30T14:15:15.040", "references": [{"url": "https://support.quest.com/kb/4375402/quest-response-to-kace-sma-agent-vulnerabilities-cve-2024-23772-cve-2024-23773-cve-2024-23774", "source": "cve@mitre.org"}, {"url": "https://www.quest.com/kace/", "source": "cve@mitre.org"}, {"url": "https://support.quest.com/kb/4375402/quest-response-to-kace-sma-agent-vulnerabilities-cve-2024-23772-cve-2024-23773-cve-2024-23774", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.quest.com/kace/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file delete vulnerability exists in the KSchedulerSvc.exe component. Local attackers can delete any file of their choice with NT Authority\\SYSTEM privileges."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Quest KACE Agent para Windows 12.0.38 y 13.1.23.0. Existe una vulnerabilidad de eliminaci\u00f3n arbitraria de archivos en el componente KSchedulerSvc.exe. Los atacantes locales pueden eliminar cualquier archivo de su elecci\u00f3n con privilegios NT Authority\\SYSTEM."}], "lastModified": "2024-11-21T08:58:22.803", "sourceIdentifier": "cve@mitre.org"}