Description

A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges.  This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges. 

INFO

Published Date :

2024-09-12T19:37:52.614Z

Last Modified :

2024-09-12T19:55:15.962Z

Source :

cisco
AFFECTED PRODUCTS

The following products are affected by CVE-2024-20430 vulnerability.

Vendors Products
Cisco
  • Meraki Systems Manager
  • Meraki Systems Manager Agent
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-20430.

URL Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-agent-dll-hj-Ptn7PtKe cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact