CVE-2024-6689

July 15, 2024, 2:15 p.m.

CVSS Score

7.8 / 10

Product(s) Impacted

baramundi Management Agent

  • 23.1.172.0

Description

Local Privilege Escalation in MSI-Installer in baramundi Management Agent v23.1.172.0 on Windows allows a local unprivileged user to escalate privileges to SYSTEM.

Weaknesses

CWE-749
Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

CWE ID: 749

Date

Published: July 15, 2024, 2:15 p.m.

Last Modified: July 15, 2024, 2:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

a341c0d1-ebf7-493f-a84e-38cf86618674

CVSS Data

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score
7.8
Exploitability Score
1.1
Impact Score
6.0
Base Severity
HIGH
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

References

https://www.baramundi.com/en-us/security-info/s-2024-01/
a341c0d1-ebf7-493f-a84e-38cf86618674