CVE-2024-7358

7.8 HIGH

📋 TL;DR

This critical vulnerability in Getscreen Agent 2.19.6 on Windows allows local attackers to create temporary files with insecure permissions during installation. Attackers with local access can potentially escalate privileges or execute arbitrary code. Only Windows systems running the vulnerable version are affected.

💻 Affected Systems

Products:
  • Point B Ltd Getscreen Agent
Versions: 2.19.6
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows installations. The vulnerability exists in the getscreen.msi installation component.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation leading to complete system compromise, installation of persistent malware, or lateral movement within the network.

🟠 Likely Case

Local user gains elevated privileges, modifies system files, or installs unauthorized software on the affected machine.

🟢 If Mitigated

Attack limited to temporary file creation with minimal impact if proper file permission controls and user privilege restrictions are enforced.

🌐 Internet-Facing: LOW - Requires local access, not directly exploitable over the internet.
🏢 Internal Only: HIGH - Any local user (including low-privilege accounts) on affected systems can potentially exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit has been publicly disclosed on GitHub. Requires local access but no authentication beyond standard user access. Vendor was contacted but did not respond in time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or apply workarounds.

🔧 Temporary Workarounds

Restrict installation permissions (Windows)

Limit who can install or modify Getscreen Agent to trusted administrators only.

Monitor temporary file creation (Windows)

Implement file system auditing for temporary directory modifications related to getscreen.msi.

🧯 If You Can't Patch

  • Remove Getscreen Agent from non-essential systems
  • Implement strict access controls and monitor for suspicious file creation activities

🔍 How to Verify

Check if Vulnerable:

Check if Getscreen Agent version 2.19.6 is installed on Windows systems. Review installation logs for getscreen.msi execution.

Check Version:

Check installed programs in Control Panel or run:

wmic product where "name like '%Getscreen%'" get version

Verify Fix Applied:

Verify that Getscreen Agent has been upgraded to a version newer than 2.19.6 or removed from the system.
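
A read-only alternative to the wmic query for the version check above, as an added example that is not part of the original page or the vendor's tooling. wmic is deprecated on current Windows releases, and a Win32_Product query runs an MSI consistency check on every installed package, so this sketch reads the uninstall registry keys instead. It assumes the product's DisplayName contains "Getscreen" (the same filter as the wmic query); the function name and status labels are hypothetical.

```powershell
# Added example: inventory check for Getscreen Agent against version 2.19.6.
# Assumption: the installed product's DisplayName contains "Getscreen".
$AffectedVersion = [version]'2.19.6'

# Per-machine (64-bit and 32-bit views) and per-user uninstall keys.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-GetscreenInstallStatus {
    foreach ($key in $UninstallKeys) {
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like '*Getscreen*' } |
            ForEach-Object {
                # DisplayVersion is free-form text; TryParse avoids throwing on odd values.
                $parsed = $null
                $ok = [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)

                $status = if (-not $ok) {
                    'Unknown version string, check manually'
                } else {
                    # Compare on major.minor.build only, so "2.19.6" and "2.19.6.0" match.
                    $norm = [version]::new($parsed.Major, $parsed.Minor,
                                           [Math]::Max($parsed.Build, 0))
                    switch ($norm.CompareTo($AffectedVersion)) {
                        0       { 'Listed as affected (2.19.6)' }
                        1       { 'Newer than 2.19.6' }
                        default { 'Older than 2.19.6 (not listed on this page)' }
                    }
                }

                [pscustomobject]@{
                    ComputerName   = $env:COMPUTERNAME
                    DisplayName    = $_.DisplayName
                    DisplayVersion = $_.DisplayVersion
                    Status         = $status
                    RegistryKey    = $_.PSPath
                }
            }
    }
}

# No output means no matching uninstall entry was found on this host.
Get-GetscreenInstallStatus | Format-Table -AutoSize
```

The HKCU key only covers the account running the script, so run it in the context of each user of interest, or from a management tool that does so, if per-user installs are possible.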

📡 Detection & Monitoring

Log Indicators:

  • Unusual file creation in temporary directories during Getscreen installation
  • Multiple failed or suspicious installation attempts of getscreen.msi

Network Indicators:

  • None - this is a local file system vulnerability

SIEM Query:

EventID=4688 AND (ProcessName LIKE '%getscreen.msi%' OR CommandLine LIKE '%getscreen.msi%')
