
CVE-2024-47856: Critical Path Interception Vulnerability in RSA Authentication Agent

Overview

CVE-2024-47856 describes a path interception vulnerability affecting RSA Authentication Agent for Microsoft Windows versions prior to 7.4.7. This vulnerability could allow an attacker to execute arbitrary code by placing a malicious executable in a carefully chosen directory. The core issue arises from how Windows resolves executable paths when those paths contain spaces and are not properly quoted.

Technical Details

The vulnerability stems from the way RSA Authentication Agent configures its service and shortcut paths. When such a path contains spaces and is not enclosed in quotation marks, Windows cannot tell where the executable name ends and its arguments begin, so it treats each space as a possible end of the program name and tries those candidates in turn. For a service or shortcut configured with the path C:\Program Files\RSA Authentication Agent\rsagui.exe, an attacker could place a malicious executable named Program.exe in the C:\ directory; when the service or shortcut starts, Windows may resolve and run C:\Program.exe instead of the intended C:\Program Files\RSA Authentication Agent\rsagui.exe. This “path interception” (commonly called an unquoted service path) allows privilege escalation and arbitrary code execution.
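The lookup order described above, as an added example that is not part of the original advisory or of RSA's own code: a Python model of how CreateProcess resolves an unquoted command line, applied to a constructed list of service entries to show which ones expose interception points. The service names and sample entries are constructed; only the rsagui.exe path comes from the text above, and the resolution model is a simplification stated as an assumption in the code.

```python
import re
from typing import Dict, List, Tuple

# Matches a token that already names an .exe file (the end of the program path).
EXE_SUFFIX = re.compile(r"\.exe$", re.IGNORECASE)


def lookup_candidates(command_line: str) -> List[str]:
    """Files CreateProcess would try, in order, for a command line.

    Model (assumption, simplified from the CreateProcess documentation): for an
    unquoted string Windows treats each space as a possible end of the program
    name, tries that prefix (appending ".exe" when it has no extension) and runs
    the first file that exists. A quoted command line has exactly one candidate.
    """
    cmd = command_line.strip()
    if cmd.startswith('"'):
        close = cmd.find('"', 1)
        return [cmd[1:close]] if close != -1 else [cmd[1:]]
    tokens = cmd.split(" ")
    candidates: List[str] = []
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        if EXE_SUFFIX.search(prefix):
            candidates.append(prefix)  # the intended binary; the rest are arguments
            break
        candidates.append(prefix + ".exe")
    return candidates


def hijack_points(command_line: str) -> List[str]:
    """Candidates tried before the intended binary: where a planted file would win."""
    return lookup_candidates(command_line)[:-1]


def audit_services(services: List[Tuple[str, str, str]]) -> Dict[str, Tuple[str, List[str]]]:
    """Flag (Name, PathName, StartName) entries, as read from Win32_Service,
    whose path could be intercepted. Returns name -> (account, hijack points)."""
    findings: Dict[str, Tuple[str, List[str]]] = {}
    for name, pathname, account in services:
        points = hijack_points(pathname)
        if points:
            findings[name] = (account, points)
    return findings


# Constructed sample entries; "RSAAuthAgentSvc" is a hypothetical service name.
SAMPLE_SERVICES = [
    ("RSAAuthAgentSvc", r"C:\Program Files\RSA Authentication Agent\rsagui.exe", "LocalSystem"),
    ("Spooler", r'"C:\Windows\System32\spoolsv.exe"', "LocalSystem"),
    ("NetSvc", r"C:\Windows\System32\svchost.exe -k netsvcs", "LocalSystem"),
]

if __name__ == "__main__":
    for name, (account, points) in audit_services(SAMPLE_SERVICES).items():
        print(f"{name} (runs as {account}) can be intercepted via: {points}")
```

On a live host, feed the same three fields from `Get-CimInstance Win32_Service` (Name, PathName, StartName); an empty result for the agent's entry is a useful confirmation after the upgrade.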

CVSS Analysis

Currently, the CVSS score and severity for CVE-2024-47856 are listed as N/A. However, considering the potential for arbitrary code execution, this vulnerability could be considered high severity. The lack of a formal CVSS score at this time does not diminish the potential risk; organizations using affected versions of RSA Authentication Agent should prioritize patching.

Possible Impact

Successful exploitation of CVE-2024-47856 can have significant consequences:

  • Arbitrary Code Execution: An attacker can execute arbitrary code with the privileges of the user account under which the RSA Authentication Agent service or shortcut is running.
  • Privilege Escalation: If the service runs with elevated privileges (e.g., SYSTEM), the attacker can gain SYSTEM-level access to the affected system.
  • System Compromise: A compromised system can be used for various malicious activities, including data theft, malware installation, and denial-of-service attacks.

Mitigation and Patch Steps

The recommended mitigation for CVE-2024-47856 is to upgrade RSA Authentication Agent to version 7.4.7 or later.

  1. Upgrade RSA Authentication Agent: Download and install the latest version of RSA Authentication Agent from the official RSA website.
  2. Verify Installation: After upgrading, verify that the new version is installed correctly.
  3. Monitor for Suspicious Activity: Continuously monitor systems for any unusual or suspicious activity that might indicate exploitation.

You can download the latest version here:

References

  • RSA Security Advisory RSA-2024-13
  • RSA Authentication Agent 7.4.7 for Microsoft Windows Download

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
