Local Attacker Can Escalate Privileges via Export System Info Function in MSI CentralServer.exe
CVE-2024-37726

6.8MEDIUM

Key Information:

Vendor: Micro-Star International Co., Ltd
Vendor: CVE Published:; 3 July 2024

🔔 Create Micro-Star International Co., Ltd Vulnerability Alert

Badges

📰 News Worthy

What is CVE-2024-37726?

Insecure Permissions vulnerability in Micro-Star International Co., Ltd MSI Center v.2.0.36.0 allows a local attacker to escalate privileges via the Export System Info function in MSI.CentralServer.exe

News Articles

CybersecurityNews

CVE-2024-37726

MSI Installer Vulnerability Let Attackers Escalate Privileges with Windows Systems

A critical local privilege escalation vulnerability has been discovered in MSI Center versions 2.0.36.0 and earlier, allowing low-privileged users to escalate their privileges on Windows systems.

References

https://github.com/carsonchan12345/CVE-2024-37726-MSI-Cen...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by CybersecurityNews
Jul 4, 2024
Vulnerability published
Jul 3, 2024
Vulnerability Reserved
Jun 10, 2024

CVE-2024-37726 Data

JSON