CVE-2024-8996

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Sep 25, 2024
CWE ID 428

Summary

CVE-2024-8996 is a vulnerability in Grafana Agent (Flow mode) on Windows that allows privilege escalation from a local user to SYSTEM. It affects versions prior to 0.43.2. The vulnerability arises from an unquoted search path or element (CWE-428) and, because it can be exploited through local access, poses a high risk to an organization's integrity and confidentiality. To remediate it, upgrade to Grafana Agent version 0.43.2 or later, as detailed in the security advisory on the Grafana website. The exploitability score is relatively low at 1.3, but the consequences of a successful attack could be severe, with significant impacts on system availability and data integrity. User interaction is required for exploitation, which adds complexity to the attack.
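
To confirm that no service on a host still has the unquoted-path condition (CWE-428) after upgrading, a check like the following can be run. This is an added example, not code from Grafana or from the advisory; the function name Test-UnquotedServicePath and the sample service names and paths are hypothetical.

```powershell
# Added example (not from the advisory): audit service command lines for
# CWE-428, i.e. an unquoted executable path that contains a space.
function Test-UnquotedServicePath {
    param([string]$PathName)

    if ([string]::IsNullOrWhiteSpace($PathName)) { return $false }
    $cmd = [Environment]::ExpandEnvironmentVariables($PathName.Trim())
    if ($cmd.StartsWith('"')) { return $false }   # executable is already quoted

    # Treat everything up to the first ".exe" token boundary as the executable;
    # whatever follows is arguments and may legitimately contain spaces.
    $m = [regex]::Match($cmd, '^(?<exe>.+?\.exe)(?=\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return $false }        # not an .exe image path

    return $m.Groups['exe'].Value.Contains(' ')
}

# Constructed sample records; names and paths are placeholders, not real services.
$services = @(
    [pscustomobject]@{ Name = 'ExampleAgent'; StartName = 'LocalSystem'
        PathName = 'C:\Program Files\Example Agent\agent.exe run C:\cfg\agent.conf' }
    [pscustomobject]@{ Name = 'ExampleQuoted'; StartName = 'LocalSystem'
        PathName = '"C:\Program Files\Example Agent\agent.exe" run C:\cfg\agent.conf' }
    [pscustomobject]@{ Name = 'ExampleNoSpace'; StartName = 'LocalSystem'
        PathName = 'C:\Tools\agent.exe --config "C:\Program Files\Example\a.conf"' }
    [pscustomobject]@{ Name = 'ExampleEnvVar'; StartName = 'NT AUTHORITY\LocalService'
        PathName = '%ProgramFiles%\Example Agent\helper.exe' }
)

# On a live host, replace $services with:
#   Get-CimInstance -ClassName Win32_Service
$services |
    Where-Object { Test-UnquotedServicePath $_.PathName } |
    Select-Object Name, StartName, PathName
```

Any service this reports should have its executable path wrapped in double quotes by the vendor's fixed installer; for Grafana Agent (Flow mode) that means version 0.43.2 or later.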
