Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormFelipe Xavier OliveiraPACKETSTORM:146705
HistoryMar 08, 2018 - 12:00 a.m.

10-Strike Network Monitor 5.4 Unquoted Service Path

2018-03-0800:00:00
Felipe Xavier Oliveira
packetstormsecurity.com
38

EPSS

0

Percentile

5.1%

JSON
`=====[ Tempest Security Intelligence - ADV-20/2018 ]===  
  
10-Strike Network Monitor 5.4 - Unquoted Service Path  
-------------------------------------------------------  
Author:  
- Filipe Xavier Oliveira: < filipe.xavier () tempest.com.br  
  
=====[ Table of Contents  
]=====================================================  
  
* Overview  
* Detailed description  
* Timeline of disclosure  
* Thanks & Acknowledgements  
* References  
  
=====[ Overview  
]==============================================================  
  
* System affected : 10-Strike Network Monitor [1]  
* Software Version : 5.4. Other versions or models may also be affected.  
* Impact : Allow an authorized but non-privileged local user to execute  
arbitrary code with elevated privileges on the system. If an attacker  
could copy a malicious file and place it on, for example, into the root  
directory. This would cause windows to run the malicious executable in  
the user context of the service account at the next service start.  
  
=====[ Detailed description  
]==================================================  
  
Unquoted Windows search path vulnerability in the srvInventoryWebServer  
service in  
10-Strike Network Monitor 5.4 allows local users to gain privileges via  
a malicious artefact.  
------------------------------------------  
[Additional Information]  
C:\Windows\system32>sc qc srvInventoryWebServer  
[SC] QueryServiceConfig SUCCESS  
SERVICE_NAME: srvInventoryWebServer  
TYPE : 10 WIN32_OWN_PROCESS  
START_TYPE : 2 AUTO_START  
ERROR_CONTROL : 1 NORMAL  
BINARY_PATH_NAME : C:\Program Files\10-Strike Network Inventory Explorer  
Pro\InventoryWebServer.exe  
LOAD_ORDER_GROUP :  
TAG : 0  
DISPLAY_NAME : srvInventoryWebServer  
DEPENDENCIES :  
SERVICE_START_NAME : LocalSystem  
  
=====[ Timeline of disclosure  
]===============================================  
  
10/19/2017 - Vendor was informed of the vulnerability.  
01/02/2018 - Vendor did not respond.  
01/22/2018 - CVE assigned [2]  
03/06/2018 - Advisory publication date.  
  
=====[ Thanks & Acknowledgements  
]============================================  
  
- Tempest Security Intelligence / Tempest's Pentest Team [3]  
  
=====[ References  
]===========================================================  
  
[1] - https://www.10-strike.com/  
[2] - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6016  
[3] - http://tempest.com.br  
  
--   
Filipe Oliveira  
Tempest Security Intelligence  
  
  
  
`

Related

prion 1
cvelist 1
cve 1
nvd 1
openvas 1
prion
prion
Design/Logic Flaw
2018-03-12 21:29:00
cvelist
cvelist
CVE-2018-6016
2018-03-12 21:00:00
cve
cve
CVE-2018-6016
2018-03-12 21:29:00
nvd
nvd
CVE-2018-6016
2018-03-12 21:29:00
openvas
openvas
Microsoft Windows Unquoted Path Vulnerability (SMB Login)
2018-03-23 00:00:00

EPSS

0

Percentile

5.1%

JSON
Related for PACKETSTORM:146705
prion1cvelist1cve1nvd1openvas1