11 matches found
CVE-2024-50590
Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. ...
CVE-2025-0120
A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also...
CVE-2024-50592
An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. When using the repair function, the service queries the server for a lis...
CVE-2024-50592
CVE-2024-50592 describes a local privilege escalation in HASOMED Elefant software, via a race condition in the Elefant Update Service during repair/update. An attacker with local access can exploit the window between copying vulnerable executables to a user-writable folder (C:\Elefant1) and the f...
CVE-2024-50592 Local Privilege Escalation via Race Condition
An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. When using the repair function, the service queries the server for a lis...
CVE-2024-50591 Local Privilege Escalation via Command Injection
An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update Service. The command injection can be exploited by communicating with the Elefant Update Service whi...
CVE-2024-50591
CVE-2024-50591 affects the Elefant Software Updater (ESU) on Windows. The vulnerability is a local privilege escalation via a command-injection flaw in the ESU service (running as NT AUTHORITY\SYSTEM) that can be triggered by sending a crafted MessageType.SupportServiceInfos message to the local ...
CVE-2024-50591 Local Privilege Escalation via Command Injection
An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update Service. The command injection can be exploited by communicating with the Elefant Update Service whi...
CVE-2024-50590 Local Privilege Escalation via Weak Service Binary Permissions
Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. ...
CVE-2024-50590 Local Privilege Escalation via Weak Service Binary Permissions
Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. ...
CVE-2022-25154
A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. An attacker must already have user privileges on Windows 7, 10, or 11 to exploit this vulnerability...