RSA Security Advisory Details

- RSA Advisory Identifier: RSA-2024-13
- CVE Identifier: CVE-2024-47856
- Severity: High
- Severity Rating (CVSS v3.1 Base Score): AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Affected Products: RSA Authentication Agent for Microsoft Windows 7.4.6 and earlier
- Summary: RSA Authentication Agent 7.4.7 for Microsoft Windows remediates an issue where search paths are, in certain cases, open and could be exploited by malicious users to compromise the affected system.
- Details: This vulnerability exists due to a misconfigured executable path. A registry entry containing the path of an agent executable is not quoted, allowing an adversary to create a malicious program in the search path and get the agent service to load this malicious executable instead of the intended one.
- Resolution: The RSA Authentication Agent 7.4.7 for Windows release contains resolutions to these vulnerabilities.
- Credit: RSA would like to thank the Lockheed Martin Red Team for reporting this issue.
- Severity Rating Explanation: Refer to the RSA Security Advisories Severity Rating knowledgebase article.
- EOPS Policy: Refer to Product Version Life Cycle for additional details.
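
The Details field describes an unquoted executable path in a registry entry. The Python check below is an added example, not RSA's code: it audits command-line style registry values for that condition and lists the locations an administrator should verify are absent and not writable by unprivileged users. The entry names and paths are constructed samples, the advisory does not name the affected registry key, and the check assumes the executable name ends in `.exe`.

```python
import re

# Constructed sample values; hypothetical names, not from the advisory or any product.
SAMPLES = {
    "ExampleAgentUnquoted": r"C:\Program Files\Example Vendor\Agent Service\agent.exe -k run",
    "ExampleAgentQuoted": r'"C:\Program Files\Example Vendor\Agent Service\agent.exe" -k run',
    "ExampleNoSpaces": r"C:\Tools\agent.exe --svc",
}

# Shortest leading run that ends in ".exe" and is followed by whitespace or end of string.
EXE_RE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)

def executable_part(command_line):
    """Return (exe_path, is_quoted) for a command-line style registry value."""
    value = command_line.strip()
    if not value:
        return "", False
    if value.startswith('"'):
        end = value.find('"', 1)
        return (value[1:end] if end != -1 else value[1:]), True
    match = EXE_RE.match(value)
    return (match.group(1) if match else value.split()[0]), False

def ambiguous_candidates(exe_path):
    """Every space-delimited prefix of an unquoted path, as documented for
    CreateProcess: each is tried (with .exe appended) before the full path."""
    out = []
    for i, ch in enumerate(exe_path):
        if ch == " ":
            prefix = exe_path[:i]
            out.append(prefix if prefix.lower().endswith(".exe") else prefix + ".exe")
    return out

def audit(entries):
    """Flag unquoted values whose executable path contains a space."""
    findings = []
    for name, value in entries.items():
        exe, quoted = executable_part(value)
        if quoted or " " not in exe:
            continue  # quoted, or no space: only one interpretation exists
        findings.append({
            "entry": name,
            "executable": exe,
            "check_locations": ambiguous_candidates(exe),
            # Same value with the executable quoted and arguments preserved.
            "fixed_value": '"' + exe + '"' + value.strip()[len(exe):],
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```

On a live Windows host the same functions can be fed values read with Python's `winreg` module, for example the `ImagePath` values under `HKLM\SYSTEM\CurrentControlSet\Services`.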