CVE-2024-21957 – This vulnerability allows local attackers to es... (How to Fix)

Q: What is the severity of CVE-2024-21957?

CVE-2024-21957 has a CVSS score of 7.3 (HIGH). This vulnerability allows local attackers to escalate privileges by exploiting incorrect default permissions in the AMD Management Console installation directory. Attackers could modify files in the directory to execute arbitrary code with elevated privileges. This affects systems with AMD Management Console installed.

📋 TL;DR

This vulnerability allows local attackers to escalate privileges by exploiting incorrect default permissions in the AMD Management Console installation directory. Attackers could modify files in the directory to execute arbitrary code with elevated privileges. This affects systems with AMD Management Console installed.

💻 Affected Systems

Products:

AMD Management Console

Versions: All versions prior to the fix

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems where AMD Management Console is installed. The vulnerability exists in the default installation permissions.

📦 What is this software?

Management Console by Amd

View all CVEs affecting Management Console →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with administrative privileges, allowing attackers to install malware, steal credentials, or pivot to other systems.

🟠

Likely Case

Local privilege escalation leading to persistence mechanisms, credential harvesting, or lateral movement within the network.

🟢

If Mitigated

Limited impact with proper access controls and monitoring, potentially detected before full exploitation.

🌐 Internet-Facing: LOW - This requires local access to the system, not directly exploitable over the internet.

🏢 Internal Only: HIGH - Local attackers or malware with user-level access can exploit this to gain administrative privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local access to the system. The vulnerability is in file permissions, making exploitation straightforward for attackers with user-level access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check AMD advisory for specific patched versions

Vendor Advisory: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9003.html

Restart Required: Yes

Instructions:

1. Visit the AMD security advisory page
2. Download the latest version of AMD Management Console
3. Install the update following AMD's instructions
4. Restart the system as required

🔧 Temporary Workarounds

Restrict directory permissions

windows

Manually adjust permissions on the AMD Management Console installation directory to restrict write access to authorized users only.

icacls "C:\Program Files\AMD\Management Console" /inheritance:r /grant:r "Administrators:(OI)(CI)F" /grant:r "SYSTEM:(OI)(CI)F" /grant:r "Users:(OI)(CI)RX"

🧯 If You Can't Patch

Remove AMD Management Console if not required
Implement strict access controls and monitoring on the installation directory

🔍 How to Verify

Check if Vulnerable:

Check if AMD Management Console is installed and review directory permissions for excessive write access.

Check Version:

Check AMD Management Console 'About' section or review installed programs in Control Panel

Verify Fix Applied:

Verify the AMD Management Console version is updated and directory permissions are properly restricted.

📡 Detection & Monitoring

Log Indicators:

Unexpected file modifications in AMD Management Console directory
Process execution from unusual locations
Privilege escalation attempts

Network Indicators:

None - this is a local privilege escalation vulnerability

SIEM Query:

EventID=4688 AND (ProcessName contains 'amd' OR CommandLine contains 'amd') AND NewProcessName contains 'cmd.exe' OR 'powershell.exe'

📊 Metadata

CVE ID: CVE-2024-21957

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-276

Published: November 12, 2024

Last Updated: December 18, 2024

🔗 References

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9003.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-21957, you might also want to check these: