Search

Vulnerability in baramundi Management Agent (CVE-2024-6689)

Search

Vulnerability in baramundi Management Agent (CVE-2024-6689)

The baramundi Management Agent is used for software distribution in enterprise environments.

Local Privilege Escalation in baramundi Management Agent via MSI Installer

Local privilege escalation in MSI Installer in baramundi Management Agent v23.1.172.0 on Windows allows a local unprivileged user to escalate privileges to SYSTEM.

It was possible to invoke the repair function for the installer as an unprivileged user. During the repair process, a conhost.exe window would appear on the user’s screen. After clicking within the window to freeze it and then starting a browser via the properties dialog, it was possible to spawn a cmd.exe as SYSTEM.

The vulnerability was acknowledged and fixed by baramundi within three months. We want to thank baramundi for its exemplary reaction to the vulnerability report.

CVSS Score
7.8 (CVSS v3) – https://nvd.nist.gov/vuln/detail/CVE-2024-6689

CVSS Vector String
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Version
baramundi Management Agent Version 23.1.172.0

Fixed Version
23.1.248

References
https://www.baramundi.com/en-us/security-info/s-2024-01/

Credits
Kolja Grassmann (cirosec GmbH)

Timeline

Do you want to protect your systems? Get in touch with us.
Search
Search