CVE-2024-8996
CVSS 3.1 Score 7.3 of 10 (high)
Details
Summary
CVE-2024-8996 is a vulnerability in Grafana Agent (Flow mode) on Windows that allows for privilege escalation from a local user to SYSTEM, affecting versions prior to 0.43.2. This vulnerability arises from an unquoted search path or element issue, posing high risks to an organization's integrity and confidentiality due to its potential exploitation through local access. To remediate this vulnerability, users are advised to upgrade to Grafana Agent version 0.43.2 or later, as detailed in the security advisory on the Grafana website. The exploitability score is relatively low at 1.3, but the consequences of successful attacks could be severe, with significant impacts on system availability and data integrity. User interaction is required for exploitation, adding an additional layer of complexity to the attack vector.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.