Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Ross Video DashBoard 8.5.1 Insecure Permissions

🗓️ 23 Apr 2019 00:00:00Reported by Gjoko KrsticType 
zeroscience
 zeroscience🔗 www.zeroscience.mk👁 56 Views

Ross Video DashBoard 8.5.1 Insecure Permissions. Privilege escalation risk due to elevation of privileges vulnerability by changing the executable file permissions

Related
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2019-25245
24 Dec 202519:37
circl
CNNVD		Ross Video DashBoard 安全漏洞
24 Dec 202500:00
cnnvd
CVE		CVE-2019-25245
24 Dec 202519:27
cve
Cvelist		CVE-2019-25245 Ross Video DashBoard 8.5.1 Privilege Escalation via Insecure Permissions
24 Dec 202519:27
cvelist
EUVD		EUVD-2025-205311
24 Dec 202521:30
euvd
NVD		CVE-2019-25245
24 Dec 202520:15
nvd
Positive Technologies		PT-2025-53331
24 Dec 202500:00
ptsecurity
Vulnrichment		CVE-2019-25245 Ross Video DashBoard 8.5.1 Privilege Escalation via Insecure Permissions
24 Dec 202519:27
vulnrichment
<html><body><p>Ross Video DashBoard 8.5.1 Insecure Permissions


Vendor: Ross Video Ltd.
Product web page: https://www.rossvideo.com
Affected version: 8.5.1

Summary: DashBoard is a free and open platform from Ross Video for facility
control and monitoring that enables users to quickly build unique, tailored
Custom Panels that make complex operations simple.

Desc: DashBoard suffers from an elevation of privileges vulnerability which
can be used by a simple authenticated user that can change the executable file
with a binary of choice. The vulnerability exist due to the improper permissions,
with the 'M' flag (Modify) or 'C' flag (Change) for 'Authenticated Users' group.

Tested on: Microsoft Windows 7 Professional SP1 (EN)


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2019-5516
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5516.php


23.04.2019

--


C:\DashBoard&gt;icacls DashBoard.exe &amp;&amp; cacls DashBoard.exe
DashBoard.exe BUILTIN\Administrators:(I)(F)
              NT AUTHORITY\SYSTEM:(I)(F)
              BUILTIN\Users:(I)(RX)
              NT AUTHORITY\Authenticated Users:(I)(M)

Successfully processed 1 files; Failed processing 0 files
C:\DashBoard\DashBoard.exe BUILTIN\Administrators:(ID)F
                           NT AUTHORITY\SYSTEM:(ID)F
                           BUILTIN\Users:(ID)R
                           NT AUTHORITY\Authenticated Users:(ID)C
</p></body></html>

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
23 Apr 2019 00:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 48.5
CVSS 3.18.8
EPSS0.00037
SSVC
ross videodashboardinsecure permissionsprivilege escalationelevation of privilegesvulnerabilitywindows 7exploitzero science lab
56