SHOW:
|
|
- or go back to the newest paste.
| 1 | - | CVE-2022-26239: Remisol Advance - Normand License Manager |
| 1 | + | CVE-2022-26240: Remisol Advance - Normand Message Buffer |
| 2 | ||
| 3 | - | A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand License Manager. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or manipulate executables and libraries that run as the elevated SYSTEM user on Windows. |
| 3 | + | A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Buffer. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or manipulate executables and libraries that run as the elevated SYSTEM user on Windows. |
| 4 | ||
| 5 | To recreate the conditions for exploitation, do the following; | |
| 6 | ||
| 7 | Step 1: Obtain low-level permission to a workstation (these workstations are usually protected with a weak password, a default vendor password or no password). | |
| 8 | - | Step 2: Replace the message server service executable (LicenseManager.exe or any associated library used with the service) with a malicious or PoC binary. Note: This service and its executable may be named something else in different regions, please check the services installed in Windows. |
| 8 | + | Step 2: Replace the message server service executable (MessageBuffer.exe or any associated library used with the service) with a malicious or PoC binary. Note: This service and its executable may be named something else in different regions, please check the services installed in Windows. |
| 9 | Step 3: Restart the machine or service, whichever is more accessible. | |
| 10 | Step 4: Your binary will be started as the SYSTEM/NT Authority user. | |
| 11 | ||
| 12 | The fix is simple: correct the permissions so that every user cannot overwrite the services and make themselves a super admin on the local Windows host. | |
| 13 | ||
| 14 |
