{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20430", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2023-11-08T15:08:07.666Z", "datePublished": "2024-09-12T19:37:52.614Z", "dateUpdated": "2024-09-12T19:55:15.962Z"}, "containers": {"cna": {"title": "Cisco Meraki Systems Manager Agent for Windows Privilege Escalation Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. \r\n\r\nThis vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges. "}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-agent-dll-hj-Ptn7PtKe", "name": "cisco-sa-meraki-agent-dll-hj-Ptn7PtKe"}], "exploits": [{"lang": "en", "value": "As of the publication of this advisory, the Cisco Meraki Product Security Incident Response Team (PSIRT) was not aware of any public announcement or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-meraki-agent-dll-hj-Ptn7PtKe", "discovery": "INTERNAL"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Uncontrolled Search Path Element", "type": "cwe", "cweId": "CWE-427"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Meraki Systems Manager Agent", "versions": [{"version": "4.1.5", "status": "affected"}, {"version": "4.1.4", "status": "affected"}, {"version": "4.1.1", "status": "affected"}, {"version": "4.0", "status": "affected"}, {"version": "3.8.2", "status": "affected"}, {"version": "3.7.2", "status": "affected"}, {"version": "3.7.1", "status": "affected"}, {"version": "3.7.0", "status": "affected"}, {"version": "3.6.0", "status": "affected"}, {"version": "3.5.2", "status": "affected"}, {"version": "3.1.4", "status": "affected"}, {"version": "3.1.3", "status": "affected"}, {"version": "3.1.2", "status": "affected"}, {"version": "3.1.1", "status": "affected"}, {"version": "3.0.3", "status": "affected"}, {"version": "3.0.2", "status": "affected"}, {"version": "3.0.1", "status": "affected"}, {"version": "3.0.0", "status": "affected"}, {"version": "2.0.0", "status": "affected"}, {"version": "1.0.99", "status": "affected"}, {"version": "1.0.98", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-09-12T19:37:52.614Z"}}, "adp": [{"affected": [{"vendor": "cisco", "product": "meraki_systems_manager_agent", "cpes": ["cpe:2.3:a:cisco:meraki_systems_manager_agent:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.2.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-12T19:48:32.802767Z", "id": "CVE-2024-20430", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T19:55:15.962Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-20430", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-12T19:48:32.802767Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:cisco:meraki_systems_manager_agent:*:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "meraki_systems_manager_agent", "versions": [{"status": "affected", "version": "0", "lessThan": "4.2.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T19:55:09.627Z"}}], "cna": {"title": "Cisco Meraki Systems Manager Agent for Windows Privilege Escalation Vulnerability", "source": {"advisory": "cisco-sa-meraki-agent-dll-hj-Ptn7PtKe", "discovery": "INTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Meraki Systems Manager Agent", "versions": [{"status": "affected", "version": "4.1.5"}, {"status": "affected", "version": "4.1.4"}, {"status": "affected", "version": "4.1.1"}, {"status": "affected", "version": "4.0"}, {"status": "affected", "version": "3.8.2"}, {"status": "affected", "version": "3.7.2"}, {"status": "affected", "version": "3.7.1"}, {"status": "affected", "version": "3.7.0"}, {"status": "affected", "version": "3.6.0"}, {"status": "affected", "version": "3.5.2"}, {"status": "affected", "version": "3.1.4"}, {"status": "affected", "version": "3.1.3"}, {"status": "affected", "version": "3.1.2"}, {"status": "affected", "version": "3.1.1"}, {"status": "affected", "version": "3.0.3"}, {"status": "affected", "version": "3.0.2"}, {"status": "affected", "version": "3.0.1"}, {"status": "affected", "version": "3.0.0"}, {"status": "affected", "version": "2.0.0"}, {"status": "affected", "version": "1.0.99"}, {"status": "affected", "version": "1.0.98"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "As of the publication of this advisory, the Cisco Meraki Product Security Incident Response Team (PSIRT) was not aware of any public announcement or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-agent-dll-hj-Ptn7PtKe", "name": "cisco-sa-meraki-agent-dll-hj-Ptn7PtKe"}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. \r\n\r\nThis vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges. "}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-427", "description": "Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-09-12T19:37:52.614Z"}}}, "cveMetadata": {"cveId": "CVE-2024-20430", "state": "PUBLISHED", "dateUpdated": "2024-09-12T19:55:15.962Z", "dateReserved": "2023-11-08T15:08:07.666Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2024-09-12T19:37:52.614Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:meraki_systems_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BDCEB39F-E02D-4A04-BA4A-5E43E532CF64", "versionEndExcluding": "4.2.0", "versionStartIncluding": "1.0.98", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. \r\n\r\nThis vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges. "}, {"lang": "es", "value": "Una vulnerabilidad en Cisco Meraki Systems Manager (SM) Agent para Windows podr\u00eda permitir que un atacante local autenticado ejecute c\u00f3digo arbitrario con privilegios elevados. Esta vulnerabilidad se debe a un manejo incorrecto de las rutas de b\u00fasqueda de directorios en tiempo de ejecuci\u00f3n. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad colocando archivos de configuraci\u00f3n y archivos DLL maliciosos en un sistema afectado, que leer\u00eda y ejecutar\u00eda los archivos cuando Cisco Meraki SM se inicie. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante ejecute c\u00f3digo arbitrario en el sistema afectado con privilegios de SYSTEM."}], "id": "CVE-2024-20430", "lastModified": "2024-09-18T18:56:05.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2024-09-12T20:15:04.407", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-agent-dll-hj-Ptn7PtKe"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}