CVE-2024-50804
📋 TL;DR
This vulnerability allows a local attacker to execute arbitrary code with elevated privileges on systems running MSI Center Pro 2.1.37.0. By exploiting insecure permissions on the Device_DeviceID.dat.bak file, an attacker can write malicious code that gets executed by the application. Only users with local access to affected Windows systems are at risk.
💻 Affected Systems
- MSI Center Pro
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via privilege escalation to SYSTEM/administrator level, enabling installation of persistent malware, data theft, or ransomware deployment.
Likely Case
Local privilege escalation allowing attackers to bypass security controls, install additional malware, or access restricted system resources.
If Mitigated
Limited impact if proper access controls and least privilege principles are enforced, though local code execution remains possible.
🎯 Exploit Status
Exploitation requires local access but is straightforward once access is obtained. The referenced GitHub page contains technical details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Unknown
Restart Required: No
Instructions:
Check MSI official website for security updates. Uninstall MSI Center Pro 2.1.37.0 if no patch is available.
🔧 Temporary Workarounds
Restrict File Permissions
windowsModify permissions on the vulnerable file to prevent unauthorized writes
icacls "C:\ProgramData\MSI\One Dragon Center\Data\Device_DeviceID.dat.bak" /deny Everyone:(W)
Remove Vulnerable File
windowsDelete or rename the vulnerable backup file
del "C:\ProgramData\MSI\One Dragon Center\Data\Device_DeviceID.dat.bak"
🧯 If You Can't Patch
- Uninstall MSI Center Pro 2.1.37.0 completely
- Implement strict access controls and monitor for unauthorized file modifications in the MSI directory
🔍 How to Verify
Check if Vulnerable:
Check if file exists: C:\ProgramData\MSI\One Dragon Center\Data\Device_DeviceID.dat.bak and verify MSI Center Pro version is 2.1.37.0Check Version:
Check MSI Center Pro about section or Programs and Features in Control PanelVerify Fix Applied:
Verify file permissions are restricted or file is removed, and check that MSI Center Pro is either updated or uninstalled📡 Detection & Monitoring
Log Indicators:
- File modification events for Device_DeviceID.dat.bak
- Process creation from MSI Center Pro with unusual parent processes
Network Indicators:
- Unusual outbound connections from MSI Center Pro processes
SIEM Query:
EventID=4663 OR EventID=4656 AND ObjectName="*Device_DeviceID.dat.bak*"