إرسال #18902: SteelSeries Apex Mechanical Gaming Keyboard Local Privilege Escalationالمعلومات

عنوانSteelSeries Apex Mechanical Gaming Keyboard Local Privilege Escalation
الوصفLocal Privilege Escalation analog to Razer device, privilege escalation in the setup/driver installer Vendor ID 1039, Product ID 1200 Link to video: https://streamable.com/w2jtn8 Proof of concept: https://github.com/tothi/usbgadget-tool Intial release: 2021-08-24 on Twitter by @an0n_r0 The LPE was found by @zux0x3a, here is his blog post: http://0xsp.com/security%20research%20&%20development%20(SRD)/local-administrator-is-not-just-with-razer-it-is-possible-for-all After plugging the keyboard, windows 10 start the process of installation and then immediately popped up the software installer. What have to understand from the installation process is that the software will first download another setup file “SteelSeriesGG6.2.0Setup.exe” and place the whole content into C:\windows\temp folder which means that the user cannot select a folder to save. ... In any setup process, there is a user agreement that needs users’ approval to proceed, by looking into the dialog I have spotted a learn more link is clickable and could allow me to abuse it to lunch another process with the same SYSTEM level.
المصدر⚠️ https://twitter.com/an0n_r0/status/1430010974073987081
المستخدم
 misc (UID 3)
ارسال24/08/2021 08:23 AM (5 سنوات منذ)
الاعتدال24/08/2021 08:28 AM (5 minutes later)
الحالةتمت الموافقة
إدخال VulDB181369 [SteelSeries Device Driver Installer تجاوز الصلاحيات]
النقاط20

Do you know our Splunk app?

Download it now for free!