Lucene search

K

Ross Video DashBoard 8.5.1 Insecure Permissions

🗓️ 23 Apr 2019 00:00:00Reported by Gjoko KrsticType 
zeroscience
 zeroscience
🔗 zeroscience.mk👁 52 Views

Ross Video DashBoard 8.5.1 Insecure Permissions. Privilege escalation risk due to elevation of privileges vulnerability by changing the executable file permissions

Show more
Code
<html><body><p>Ross Video DashBoard 8.5.1 Insecure Permissions


Vendor: Ross Video Ltd.
Product web page: https://www.rossvideo.com
Affected version: 8.5.1

Summary: DashBoard is a free and open platform from Ross Video for facility
control and monitoring that enables users to quickly build unique, tailored
Custom Panels that make complex operations simple.

Desc: DashBoard suffers from an elevation of privileges vulnerability which
can be used by a simple authenticated user that can change the executable file
with a binary of choice. The vulnerability exist due to the improper permissions,
with the 'M' flag (Modify) or 'C' flag (Change) for 'Authenticated Users' group.

Tested on: Microsoft Windows 7 Professional SP1 (EN)


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2019-5516
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5516.php


23.04.2019

--


C:\DashBoard&gt;icacls DashBoard.exe &amp;&amp; cacls DashBoard.exe
DashBoard.exe BUILTIN\Administrators:(I)(F)
              NT AUTHORITY\SYSTEM:(I)(F)
              BUILTIN\Users:(I)(RX)
              NT AUTHORITY\Authenticated Users:(I)(M)

Successfully processed 1 files; Failed processing 0 files
C:\DashBoard\DashBoard.exe BUILTIN\Administrators:(ID)F
                           NT AUTHORITY\SYSTEM:(ID)F
                           BUILTIN\Users:(ID)R
                           NT AUTHORITY\Authenticated Users:(ID)C
</p></body></html>

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo