CVE-2024-21923 is a vulnerability classified under CWE-426 (Untrusted Search Path) found in AMD StoreMI™, a storage acceleration technology by AMD. The issue arises from incorrect default permissions set on the software components, which allows an attacker with local access and limited privileges to manipulate the search path used by the software to load executables or libraries. By placing malicious files in these paths, an attacker can escalate their privileges to higher levels, potentially achieving arbitrary code execution with elevated rights. This can compromise the confidentiality, integrity, and availability of the affected system. The vulnerability is particularly dangerous because it does not require sophisticated remote exploitation but depends on local access and some user interaction, such as running the affected software. AMD StoreMI™ versions impacted are end-of-life with no planned fixes, increasing the risk for organizations that continue to use this software. The CVSS v3.1 score of 7.3 reflects the high impact and relatively low complexity of exploitation. No known exploits are currently in the wild, but the vulnerability's characteristics make it a significant concern for environments where AMD StoreMI™ is deployed.

For European organizations, the impact of CVE-2024-21923 can be substantial, especially in sectors that rely on AMD StoreMI™ for storage performance improvements, such as financial services, manufacturing, and critical infrastructure. Successful exploitation can lead to privilege escalation, allowing attackers to execute arbitrary code with elevated privileges, potentially leading to data breaches, system manipulation, or disruption of services. The compromise of confidentiality, integrity, and availability could result in financial losses, regulatory penalties under GDPR, and damage to organizational reputation. Since the affected software is end-of-life with no patches, organizations face increased risk if they continue to use AMD StoreMI™ without mitigation. The requirement for local access limits remote exploitation but insider threats or attackers gaining initial footholds through other means could leverage this vulnerability to deepen their control over systems.

Given the absence of patches for this end-of-life product, European organizations should prioritize the removal or complete disabling of AMD StoreMI™ from their systems. If removal is not immediately feasible, strict permission auditing and hardening should be enforced on directories and files related to AMD StoreMI™ to prevent unauthorized modification or insertion of malicious files. Employ application whitelisting to restrict execution of unauthorized binaries and monitor for unusual local privilege escalation attempts. Network segmentation and strict access controls can reduce the risk of attackers gaining local access to vulnerable systems. Additionally, organizations should implement robust endpoint detection and response (EDR) solutions to detect suspicious activities indicative of exploitation attempts. Regular user training to minimize risky behaviors that could lead to local compromise is also recommended. Finally, organizations should consider hardware and software inventory audits to identify and phase out unsupported AMD StoreMI™ deployments.