إرسال #204255: NextBX QWAlerter v4.50 - Unquoted Pathالمعلومات

عنوان	NextBX QWAlerter v4.50 - Unquoted Path
الوصف	# Vendor Homepage: http://www.quescom.eu/ # File Description: NextBX Administration Alerter # Product Name: NextBX # Filename QWAlerter.exe # Version: 4.50 # Tested on: Windows Server 2012 R2 Summary: ================ An unquoted service path vulnerability has been discovered in NextBX Administration Alerter version = 4.50 affecting the executable "C:\Program Files (x86)\QuesCom\Management Console\QWAlerter\QWAlerter.exe" . This vulnerability occurs when the service's path is misconfigured, allowing an attacker to run a malicious file instead of the legitimate executable associated with the service. An attacker with local user privileges could exploit this vulnerability to replace the legitimate \Management Console\QWAlerter\QWAlerter.exe service executable with a malicious file of the same name and located in a directory that has a higher priority than the legitimate directory. That way, when the service starts, it will run the malicious file instead of the legitimate executable, allowing the attacker to execute arbitrary code, gain unauthorized access to the compromised system, or stop the service from functioning. To exploit this vulnerability, an attacker would need local access to the system and the ability to write and replace files on the system. The vulnerability can be mitigated by correcting the service path to correctly quote the full path of the executable, including quotation marks. Furthermore, it is recommended that users keep software updated with the latest security updates and limit physical and network access to their systems to prevent malicious attacks. POC: C:\>sc qc QWAlerter [SC] QueryServiceConfig SUCCESS SERVICE_NAME: QWAlerter TYPE : 110 WIN32_OWN_PROCESS (interactive) START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\Program Files (x86)\QuesCom\Management Console\QWAlerter\QWAlerter.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : QWAlerter DEPENDENCIES : SERVICE_START_NAME : LocalSystem
المستخدم	_Phx (UID 50799)
ارسال	06/09/2023 02:12 AM (3 سنوات منذ)
الاعتدال	15/09/2023 09:03 AM (9 days later)
الحالة	تمت الموافقة
إدخال VulDB	239804 [NextBX QWAlerter 4.50 QWAlerter.exe تجاوز الصلاحيات]
النقاط	17

التالي ▸نظرة عامة ◂ السابق

Might our Artificial Intelligence support you?

Check our Alexa App!