CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-47856

CVSS 9.8v3.1pub. 2025-11-24upd. 2025-12-30

In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. An adversary can place an executable in a higher-level directory of the path, and Windows will resolve that executable instead of the intended executable.

🤖 AI Analysis
How it works

When the path to a service executable or shortcut contains spaces and is not enclosed in quotes, Windows attempts to sequentially resolve each segment of the path as a separate executable file. An attacker can place a malicious executable file in a directory higher than the target program, and Windows will execute that file instead of the legitimate one. This technique (unquoted service path) allows for takeover of a process typically executed with system privileges.

Impact

An attacker can execute arbitrary code in the context of a privileged process (e.g., SYSTEM), which in practice means complete takeover of the system, including the ability to perform privilege escalation, steal authentication credentials, and install malicious software.

Mitigation & patch

RSA Authentication Agent for Windows should be updated to version 7.4.7 or later. The update package is available in the vendor references (community.rsa.com). Until the patch is deployed, it is recommended to restrict local system access exclusively to authorized users and monitor system directories for unexpected executable files.

Who is affected

RSA Authentication Agent for Windows versions prior to 7.4.7

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Rsa Authentication Agent For Windows

    APP
    Rsa
    < 7.4.7
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2013-0931MEDIUM5.4ten sam produkt

EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout featu...

CVE-2022-30584CRITICAL9.6ten sam vendor

Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS f...

CVE-2019-3758CRITICAL9.8ten sam vendor

RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerab...

CVE-2019-3725CRITICAL9.8ten sam vendor

RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are v...

CVE-2017-14377CRITICAL9.8ten sam vendor

EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apac...