CVE-2024-47856 — CRITICAL (9.8)

Q: How severe is CVE-2024-47856?

CVE-2024-47856 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2024-47856?

Check the references section above for vendor advisories and patch information. Affected products include: Rsa Authentication Agent For Windows.

Vulnerability Description

In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. An adversary can place an executable in a higher-level directory of the path, and Windows will resolve that executable instead of the intended executable.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Rsa	Authentication Agent For Windows	< 7.4.7

Related Weaknesses (CWE)

CWE-23

References

https://community.rsa.com/s/article/RSA-2024-13-RSA-Authentication-Agent-for-MicVendor Advisory
https://community.rsa.com/s/product-download/a9G4u000000mCOYEAU/rsa-authenticatiPermissions Required

FAQ

What is CVE-2024-47856?

CVE-2024-47856 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. An advers...

How severe is CVE-2024-47856?

CVE-2024-47856 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-47856?

Check the references section above for vendor advisories and patch information. Affected products include: Rsa Authentication Agent For Windows.