SDMSA-2022:001 - StrongDM Security Advisory
This Security Advisory is for a local privilege escalation issue in StrongDM's Windows CLI installer. This is resolved in version 35.61.0 and above.
Date Published
2022-10-24
Summary
Older versions of StrongDM's standalone Windows CLI installer are subject to a High-severity vulnerability: Local Privilege Escalation due to improper access controls on a non-default installation directory.
Description
This vulnerability could allow Local Privilege Escalation on a shared system if the SDM Windows Service Account CLI was installed by an Admin into certain non-default folders.
Affected Products & Versions
The Local Privilege Escalation vulnerability affects Windows Service Account (CLI) versions up through 35.55.0.
Solution
Customers using the standalone Windows StrongDM CLI should update sdm-cli to version 35.61.0 or above.
Vulnerability Details
| CVE ID | CVSS v3.1 Score | CVE Description | CWE Class |
|---|---|---|---|
| CVE-2022-TBD | 7.1 | Local Privilege Escalation due to improper ACLs on non-default installation directory location | CWE-276: Incorrect Default Permissions |
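As an added defender's check (example code, not StrongDM's and not part of this advisory), the following PowerShell inspects an installation directory's ACL for write-capable grants to broad principals, which is the CWE-276 condition described above; the directory path and the list of principals treated as "broad" are assumptions.

```powershell
# Added example, not from the advisory: flag Allow ACEs on a service install
# folder that let broad principals write, delete or re-permission its contents.
param(
    [string]$Path = 'C:\Tools\sdm'   # constructed placeholder, not a path from the advisory
)

# Principals that should not be able to write into a folder holding service binaries (assumed list)
$BroadPrincipals = @(
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'Everyone',
    'NT AUTHORITY\INTERACTIVE'
)

# Write covers WriteData/AppendData/WriteAttributes/WriteExtendedAttributes;
# Modify and FullControl include Write, so they match this mask as well.
$WriteMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Delete -bor
             [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles -bor
             [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
             [System.Security.AccessControl.FileSystemRights]::TakeOwnership

function Test-InstallDirAcl {
    param([Parameter(Mandatory)][string]$Dir)

    if (-not (Test-Path -LiteralPath $Dir -PathType Container)) {
        throw "Directory not found: $Dir"
    }

    $acl = Get-Acl -LiteralPath $Dir
    $findings = foreach ($ace in $acl.Access) {
        # Only Allow ACEs grant access; Deny ACEs only restrict it
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Dir
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited   # inherited grants usually come from the parent folder
        }
    }
    return $findings
}

$results = Test-InstallDirAcl -Dir $Path
if ($results) {
    Write-Warning "Write-capable grants to broad principals found on $Path"
    $results | Format-Table -AutoSize
} else {
    Write-Host "No broad write grants on $Path"
}
```

Folders created directly under a drive root often inherit a Users "Create files / write data" grant from the root, which is the kind of inherited ACE this check surfaces.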
Acknowledgments
StrongDM would like to thank Marius Gabriel Mihai for reporting this issue.