
SDMSA-2022:001 - StrongDM Security Advisory

This Security Advisory is for a local privilege escalation issue in StrongDM's Windows CLI installer. This is resolved in version 35.61.0 and above.

Security Advisory Content


Date Published

2022-10-24

Summary

Older versions of StrongDM's standalone Windows CLI installer are subject to a High severity vulnerability: Local Privilege Escalation due to improper access controls on a non-default installation directory.

Description

This vulnerability could allow local privilege escalation on a shared system if an administrator installed the SDM Windows Service Account CLI into certain non-default folders. The installer did not set restrictive ACLs on those directories, so their contents could be writable by non-privileged local users while being executed under the service account.

Affected Products & Versions

The Local Privilege Escalation vulnerability affects Windows Service Account (CLI) versions up to and including 35.55.0.

Solution

Any customer using the standalone Windows StrongDM CLI should update to sdm-cli version 35.61.0 or above.

Vulnerability Details

CVE ID: CVE-2022-TBD
CVSS v3.1 Score: 7.1
CVE Description: Local Privilege Escalation due to improper ACLs on non-default installation directory location
CWE Class: CWE-276: Incorrect Default Permissions
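Checking a host for the condition this advisory describes, as an added example that is not StrongDM's code and not part of the advisory: the PowerShell below lists the ACEs on an install directory that grant write-class rights to principals every local user belongs to (the CWE-276 pattern), and a second function replaces the directory's ACL with a restrictive one. The path C:\sdm, the principal list and the target ACL are assumptions, not values from the advisory. The usual way a non-default install location ends up writable is inheritance: a folder created directly under a drive root inherits an ACE granting Authenticated Users Modify, which is why the audit reports whether each offending ACE is inherited.

```powershell
# Added example, not StrongDM code: audit and optionally harden a service
# install directory whose ACL lets low-privileged users write into it.
# Assumptions: the path passed in is where sdm-cli was actually installed;
# the principal list below covers what any local user is a member of.

$LowPrivPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of these lets a user replace or add files the service account will run.
# 'Write' expands to WriteData|AppendData|WriteExtendedAttributes|WriteAttributes.
$WriteRights = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, Delete, ChangePermissions, TakeOwnership'

function Test-InstallDirAcl {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
        if ($LowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $WriteRights) -eq 0) { continue }
        # One object per offending ACE; an empty result means no finding.
        [pscustomobject]@{
            Path      = $Path
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited   # True is typical for folders created under a drive root
        }
    }
}

function Repair-InstallDirAcl {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    # Stop inheriting the parent's ACEs and discard the inherited copies.
    $acl.SetAccessRuleProtection($true, $false)
    # Drop any explicit grants to low-privileged principals that remain.
    foreach ($ace in @($acl.Access)) {
        if ($LowPrivPrincipals -contains $ace.IdentityReference.Value) {
            [void]$acl.RemoveAccessRule($ace)
        }
    }
    # Assumed target ACL: SYSTEM and Administrators own the tree, Users may only read/execute.
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $prop    = [System.Security.AccessControl.PropagationFlags]::None
    $allow   = [System.Security.AccessControl.AccessControlType]::Allow
    foreach ($grant in @(
            @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },
            @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
            @{ Id = 'BUILTIN\Users';          Rights = 'ReadAndExecute' })) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $grant.Id, $grant.Rights, $inherit, $prop, $allow)
        $acl.AddAccessRule($rule)
    }
    if ($PSCmdlet.ShouldProcess($Path, 'Replace ACL: SYSTEM/Administrators FullControl, Users ReadAndExecute')) {
        Set-Acl -LiteralPath $Path -AclObject $acl
    }
}

# Usage (C:\sdm is an assumed non-default install location):
Test-InstallDirAcl -Path 'C:\sdm' | Format-Table -AutoSize
Repair-InstallDirAcl -Path 'C:\sdm' -WhatIf   # drop -WhatIf to apply
```

Run the audit from an elevated prompt against the directory the CLI service actually executes from; if the service binary lives elsewhere than its working directory, check both. The repair function must run as an administrator, and it breaks inheritance deliberately so that a later change to the parent folder's ACL cannot reintroduce the weak grant.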


Acknowledgments

StrongDM would like to thank Marius Gabriel Mihai for reporting this issue.
