Vulners
Lucene search
SolarWinds Kiwi CatTools 3.11.0 - Unquoted Service Path Privilege Escalation
Document Title:
================
SolarWinds Kiwi CatTools Unquoted Service Path Privilege Escalation Vulnerability
Author:
========
Halil Dalabasmaz
Release Date:
==============
29 SEP 2016
Product & Service Introduction:
================================
Kiwi CatTools saves you time by automating common network configuration
tasks including the ability to automatically change and backup network
device configurations. Kiwi CatTools is a software application used by
network administrators to automate many of the tasks they
perform on a daily basis. This is the no longer available freeware version.
Kiwi CatTools automates configuration backups and management on routers,
switches and firewalls. It provides e-mail notification and compare reports
highlighting config changes. Supports Telnet, SSH, TFTP and SNMP. Kiwi CatTools
is designed by network engineers, for network engineers. We understand the tasks
you need to perform and how you work. CatTools is here to make your life easier.
It does this by scheduling batch jobs,automating changes, and reporting on the
things that matter to you as a network administrator.
Vendor Homepage:
=================
http://www.kiwisyslog.com/products/kiwi-cattools/product-overview.aspx
Vulnerability Information:
===========================
The application can be install on Windows system as a service by default service
installation selected. The application a 32-bit application and the default
installation path is "C:\Program Files (x86)" on Windows systems. This could
potentially allow an authorized but non-privileged local user to execute arbitrary
code with elevated privileges on the system. The application work on "Local System"
privileges. A successful attempt would require the local user to be able to insert
their code in the system root path undetected by the OS or other security applications
where it could potentially be executed during application startup or reboot.
C:\Windows\system32>sc qc CatTools
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: CatTools
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files (x86)\CatTools3\CatTools_Service.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : CatTools
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
Vulnerability Disclosure Timeline:
=========================
13 AUG 2016 - Contact With Vendor
15 AUG 2016 - Vendor Response
15 SEP 2016 - No Response From Vendor
19 SEP 2016 - Public Disclosure
Discovery Status:
==================
Published
Affected Product(s):
=====================
SolarWinds Kiwi CatTools 3.11.0
Tested On:
===========
Windows 7 Ultimate 64-Bit SP1 (EN)
# 0day.today [2018-03-02] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 Sep 2016 00:00Current
6.8Medium risk
Vulners AI Score6.8