CVE-2024-50804 in MSI Center Pro
Summary
by MITRE • 11/18/2024
Insecure Permissions vulnerability in Micro-star International MSI Center Pro 2.1.37.0 allows a local attacker to execute arbitrary code via the Device_DeviceID.dat.bak file within the C:\ProgramData\MSI\One Dragon Center\Data folder
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 11/18/2024
The vulnerability identified as CVE-2024-50804 represents a critical insecure permissions flaw within Micro-star International MSI Center Pro version 2.1.37.0 that exposes the system to local privilege escalation attacks. This issue manifests through improper file permissions on the Device_DeviceID.dat.bak file located in the C:\ProgramData\MSI\One Dragon Center\Data directory, creating an exploitable condition that allows unauthorized local users to gain elevated system privileges. The vulnerability stems from the application's failure to implement proper access controls on its configuration and data files, which are stored in a location that typically requires administrative privileges for modification. The insecure permissions create a path for attackers to manipulate the backup file and subsequently execute malicious code with the privileges of the target application process.
The technical exploitation of this vulnerability follows a well-defined attack pattern that aligns with common privilege escalation techniques documented in the ATT&CK framework under T1068 for local privilege escalation. Attackers can leverage the insecure permissions to modify the Device_DeviceID.dat.bak file, potentially injecting malicious code or altering system parameters that will be executed during the application's normal operation cycle. This creates a persistent backdoor mechanism that can be used to maintain access or escalate privileges beyond the initial compromise. The vulnerability is particularly concerning because it operates at the local system level without requiring network connectivity, making it difficult to detect through traditional network-based monitoring systems. The flaw directly corresponds to CWE-276 which describes inadequate file permissions and improper access control mechanisms that allow unauthorized users to modify system files.
The operational impact of CVE-2024-50804 extends beyond simple code execution capabilities to encompass broader system compromise potential. When an attacker successfully exploits this vulnerability, they can effectively take control of the MSI Center Pro application and potentially the underlying system, as the application typically runs with elevated privileges to perform hardware management functions. The persistent nature of the attack vector means that once the backup file is modified, the malicious payload will execute every time the application runs, creating a stealthy and long-term threat. This vulnerability affects systems where the MSI Center Pro application is installed and running, particularly in enterprise environments where multiple users may have local access to systems. The impact is further amplified when considering that many users may not be aware of the application's presence or its associated file permissions, creating additional attack surface opportunities.
Mitigation strategies for CVE-2024-50804 should focus on immediate permission adjustments and long-term system hardening measures. System administrators should immediately review and tighten the permissions on the C:\ProgramData\MSI\One Dragon Center\Data folder and its contents, ensuring that only authorized users and processes have write access to the Device_DeviceID.dat.bak file. The recommended approach includes implementing proper discretionary access controls using windows file permissions, restricting write access to administrators only, and ensuring that the application runs with minimal required privileges. Organizations should also consider implementing application whitelisting policies to prevent unauthorized code execution, and establish monitoring procedures to detect unusual file modifications in system directories. Additionally, regular security audits should verify that no other similar insecure permissions exist within the application's data storage locations, as this vulnerability may be indicative of broader permission management issues. The remediation process should also include updating to the latest version of MSI Center Pro where this vulnerability has been addressed, as vendors typically release patches to resolve such insecure permissions flaws.