Submit #385397: Intelbras InControl 2.21.56 Unquoted Search Path

Title: Intelbras InControl 2.21.56 Unquoted Search Path

Description:

Title: Intelbras InControl 2.21.56 Unquoted Service Path via "incontrolClientWatchdog" Service

An "Unquoted Service Path" vulnerability has been identified in InControl software version 2.21.56. This vulnerability allows a local attacker with limited permissions on the system to execute a malicious binary with elevated privileges, potentially compromising the system's integrity.

1 - After downloading and installing version 2.21.56 of InControl, the following command was used to list the services configured with unquoted paths, excluding those located in the default Windows directory:

Get-WmiObject -Class Win32_Service -Property Name, DisplayName, PathName, StartMode | Where-Object { $_.PathName -notlike 'C:\Windows*' -and $_.PathName -notlike '"*"' -and $_.PathName -match '^[^"]+$' } | Select-Object Name, DisplayName, StartMode, PathName

Output:

Name                     DisplayName                 StartMode  PathName
----                     -----------                 ---------  --------
IncontrolClientWatchdog  Incontrol Cliente Watchdog  Manual     C:\Program Files (x86)\intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe

2 - The next command was used to check the service configuration, showing that the service runs with high privileges:

cmd.exe /C "sc qc "incontrolClientWatchdog""

Output:

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: incontrolClientWatchdog
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Incontrol Cliente Watchdog
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

As shown in the commands above, the "incontrolClientWatchdog" service executable path is not properly enclosed in quotation marks. This scenario permits a user to create a file in the folder "C:\Program Files (x86)\intelbras" with the name "incontrol.exe", for example. When the service restarts, the file "incontrol.exe" will execute.

This file can be a malicious binary, crafted to cause malicious activities on the system with high privileges.
Source: https://www.intelbras.com/pt-br/software-de-gerenciamento-de-controle-de-acesso-incontrol-web
User: Anonymous User
Submission: 08/03/2024 15:15 (2 years ago)
Moderation: 09/28/2024 15:31 (2 months later)
Status: Accepted
VulDB entry: 278829 [Intelbras InControl up to 2.21.56 incontrol-service-watchdog.exe unquoted search path]
Points: 20
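The enumeration in step 1 and the path-lookup behaviour the description relies on, as an added Python example that is not part of the submission or of Intelbras' software: it audits service records shaped like the Get-WmiObject output, lists the candidate paths Windows would try for an unquoted path with spaces, the directories whose write permissions an administrator must check, and the quoted binary path that fixes the service. The sample records are constructed; only the watchdog entry is taken from the page, and on a real host they would come from Get-CimInstance Win32_Service.

```python
import ntpath

# Constructed sample records in the shape of the page's Get-WmiObject output
# (Name, PathName, StartName). Only the first entry comes from the submission.
SAMPLE_SERVICES = [
    {"Name": "IncontrolClientWatchdog", "StartName": "LocalSystem",
     "PathName": r"C:\Program Files (x86)\intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe"},
    {"Name": "QuotedSvc", "StartName": "LocalSystem",        # correctly quoted: safe
     "PathName": r'"C:\Program Files\Vendor\svc.exe" -run'},
    {"Name": "NoSpaceSvc", "StartName": r"NT AUTHORITY\LocalService",  # no spaces: safe
     "PathName": r"C:\tools\agent.exe"},
]

def split_exe(pathname):
    """Split an unquoted command line into (executable, arguments): the tokens up to
    and including the first one ending in .exe form the executable."""
    tokens = pathname.split(" ")
    for i, tok in enumerate(tokens):
        if tok.lower().endswith(".exe"):
            return " ".join(tokens[:i + 1]), " ".join(tokens[i + 1:])
    return pathname, ""

def lookup_candidates(pathname):
    """Paths CreateProcess tries, in order, for an unquoted path containing spaces:
    every space-delimited prefix of the executable, with '.exe' appended when the
    prefix has no extension. Empty list when the path is quoted or has no spaces."""
    if pathname.startswith('"') or " " not in pathname:
        return []
    tokens = split_exe(pathname)[0].split(" ")
    out = []
    for i in range(1, len(tokens) + 1):
        cand = " ".join(tokens[:i])
        out.append(cand if ntpath.splitext(cand)[1] else cand + ".exe")
    return out

def quoted_pathname(pathname):
    """Remediated form: executable wrapped in double quotes, arguments unchanged."""
    exe, args = split_exe(pathname)
    return f'"{exe}"' + (f" {args}" if args else "")

def audit_services(services):
    """One finding per service whose PathName is unquoted and contains spaces.
    audit_dirs are the directories where a non-admin user must not be able to
    create files; fixed_PathName is the value to set with 'sc config ... binPath='."""
    findings = []
    for svc in services:
        cands = lookup_candidates(svc["PathName"])
        if len(cands) < 2:          # only the intended binary would be tried
            continue
        findings.append({"Name": svc["Name"], "StartName": svc["StartName"],
                         "unintended_candidates": cands[:-1],
                         "audit_dirs": sorted({ntpath.dirname(c) for c in cands[:-1]}),
                         "fixed_PathName": quoted_pathname(svc["PathName"])})
    return findings
```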
