Privilege Escalation Vulnerability in AMD Management Plugin for Microsoft System Center Configuration Manager
CVE-2024-21938

7.8HIGH

Key Information:

Vendor: Amd
Status: Management Plugin For Sccm
Vendor: CVE Published:; 12 November 2024

Summary

A vulnerability exists in the AMD Management Plugin for the Microsoft System Center Configuration Manager (SCCM) that stems from incorrect default permissions in the installation directory. This misconfiguration can allow an attacker to escalate their privileges, potentially leading to arbitrary code execution on affected systems. Organizations using the AMD Management Plugin should review their configurations and apply the latest patches to mitigate this risk.

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024

Collectors

NVD Database