CVE-2024-50590
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
Description
Attackers with local access to the medical office computer can
escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by
overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is
writable for all users. In addition, the Elefant installer registers two
Firebird database services which are running as “NT AUTHORITY\SYSTEM”.
Path: C:\Elefant1\Firebird_2\bin\fbserver.exe
Path: C:\Elefant1\Firebird_2\bin\fbguard.exe
Both service binaries are user writable. This means that a local
attacker can rename one of the service binaries, replace the service
executable with a new executable, and then restart the system. Once the
system has rebooted, the new service binary is executed as "NT
AUTHORITY\SYSTEM".
Related CWEs
CWE-250
Execution with Unnecessary Privileges
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
References (3)
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.