CVE-2024-35177

Summary

CVE-2024-35177 introduces a Local Privilege Escalation vulnerability in the Wazuh agent for Windows. This open-source security platform protects workloads across various environments, but the vulnerability arises due to an improper Access Control List (ACL) on the agent's non-default installation directory. A local malicious user can potentially exploit this by adding a non-present DLL or replacing the service executable binary with a malicious one, escalating privileges from a low-level user to NT AUTHORITY\SYSTEM. This vulnerability has been rectified in version 4.9.0, and all users are urged to upgrade as no known workarounds exist.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.