CVE-2023-6080

Name of the Vulnerable Software and Affected Versions Lakeside Software’s SysTrack LsiAgent Installer version 10.7.8 for Windows

Description The issue is a local privilege escalation vulnerability that allows attackers to gain SYSTEM level access. This flaw is present in the SysTrack LsiAgent Installer for Windows, which can be exploited by low-privilege users to execute arbitrary code. The vulnerability was discovered and reported by Mandiant, and it is related to flaws in the MSI repair process.

Recommendations For Lakeside Software’s SysTrack LsiAgent Installer version 10.7.8 for Windows, update to version 11.0 to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the vulnerable installer until a patch is applied. Ensure your systems are updated to the latest version to minimize the risk of exploitation.