Arbitrary Code Execution Vulnerability in Cisco Meraki Systems Manager for Windows
CVE-2024-20430

7.3 HIGH

Key Information:

Vendor: Cisco
CVE Published: 12 September 2024


Summary

A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows allows an authenticated, local attacker to execute arbitrary code with elevated privileges. This issue arises from the improper handling of directory search paths during runtime. A low-privileged attacker could exploit this flaw by placing malicious configuration and DLL files onto the compromised system, which would subsequently be read and executed when the Cisco Meraki SM launches at startup. If successfully exploited, this vulnerability enables the attacker to gain SYSTEM-level privileges, leading to a significant compromise of the affected system.

News Articles

Cisco Systems Manager for Windows Vulnerability Let Attackers Escalate Privilege

Cisco Systems Manager Vulnerability, CVE-2024-20430, allows authenticated local attackers to execute arbitrary code.

5 months ago


CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • First article discovered by Cyber Security News