CVE-2024-47856

Published: Nov 24, 2025Modified: Dec 30, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. An adversary can place an executable in a higher-level directory of the path, and Windows will resolve that executable instead of the intended executable.

Affected (1)

Products: Rsa: Authentication Agent For Windows

1 product

Authentication Agent For Windows

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rsa Authentication Agent For Windows	Before 7.4.7

Related CWEs

Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

References (2)

https://community.rsa.com/s/article/RSA-2024-13-RSA-Authentication-Agent-for-Microsoft-Windows-Security-Update

Source: cve@mitre.org

Vendor Advisory

https://community.rsa.com/s/product-download/a9G4u000000mCOYEAU/rsa-authentication-agent-747-for-microsoft-windows

Source: cve@mitre.org

Permissions Required

Timeline

No history available yet.