PT-2024-5916 · Cisco · Cisco Meraki Systems Manager (Sm) Agent For Windows
Jony_Juice
·
Published
2024-09-04
·
Updated
2024-09-18
·
CVE-2024-20430
CVSS v3.1
7.3
High
| Vector | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cisco Meraki Systems Manager (SM) Agent for Windows (affected versions not specified)
Description
A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This issue is due to incorrect handling of directory search paths at runtime. An attacker could exploit this by placing malicious configuration files and malicious DLL files on an affected system, which would be read and executed when Cisco Meraki SM launches on startup, potentially allowing the attacker to execute arbitrary code on the affected system with SYSTEM privileges.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Meraki Systems Manager (Sm) Agent For Windows