PT-2024-19121 · Microsoft+1 · System Center Configuration Manager+1
Published
2024-11-12
·
Updated
2024-12-18
·
CVE-2024-21938
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
AMD Management Plugin for Microsoft System Center Configuration Manager (SCCM) versions prior to 7.0.0.1318
Description
The issue is related to incorrect default permissions in the AMD Management Plugin for the Microsoft System Center Configuration Manager (SCCM) installation directory. This could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
Recommendations
For AMD Management Plugin for Microsoft System Center Configuration Manager (SCCM) versions prior to 7.0.0.1318, upgrade to version 7.0.0.1318 or later to mitigate the issue. As a temporary workaround, consider restricting access to the installation directory to minimize the risk of exploitation.
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Amd Management Plugin
System Center Configuration Manager