Privilege Escalation Vulnerability in AMD Cloud Manageability Service
CVE-2024-21939

7.3HIGH

Key Information:

Vendor: Amd
Status: Cloud Manageability Service
Vendor: CVE Published:; 12 November 2024

Summary

The vulnerability arises from incorrect default permissions within the installation directory of the AMD Cloud Manageability Service (ACMS). This flaw may allow an attacker to escalate privileges, leading to the potential execution of arbitrary code. Such a scenario could compromise system integrity and expose sensitive information, making it critical for users to address this security issue promptly.

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024

Collectors

NVD Database