Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2024-37726

🗓️ 03 Jul 2024 00:00:00Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov👁 52 Views🌐 WEB

Insecure Permissions in MSI Center v2.0.36.

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
Circl		CVE-2024-37726
4 Jul 202418:29
circl
CNNVD		Micro-Star International MSI Center Security Breach
3 Jul 202400:00
cnnvd
Cvelist		CVE-2024-37726
3 Jul 202400:00
cvelist
GithubExploit		Exploit for CVE-2024-37726
3 Jul 202407:26
githubexploit
NVD		CVE-2024-37726
3 Jul 202414:15
nvd
Positive Technologies		PT-2024-27723 · Msi · Msi Center
3 Jul 202400:00
ptsecurity
RedhatCVE		CVE-2024-37726
23 May 202509:02
redhatcve
Vulnrichment		CVE-2024-37726
3 Jul 202400:00
vulnrichment
Vulnrichment
Node
micro_star_international_comsi_centerMatchv.2.0.36.0
ParameterPositionPathDescriptionCWE
12345.txtpathC:\Users\Public\eop\12345.txtOpLock-based file overwrite vector used by MSI Center Export System Info to write/overwrite a target file with SYSTEM privileges.CWE-269
12345.txtpathGLOBAL\GLOBALROOT\RPC Control\12345.txtOpLock and junction-based path manipulation to redirect writes to a target file (e.g., C:\Windows\lsasetup.log).CWE-269
lsasetup.logpathC:\Windows\lsasetup.logTarget file that can be overwritten/deleted via the privilege escalation workflow.CWE-269
backdoor.batpathC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\backdoor.batPayload placed via startup autoload to achieve privilege escalation when an admin logs in.CWE-269

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
15 Apr 2026 00:35Current
6.8Medium risk
Vulners AI Score6.8
CVSS 3.16.8
EPSS0.07913
SSVC
CWE-269
msi centerinsecure permissionslocal attackerprivilege escalationexport system info function
52