THREATINT
PUBLISHED

CVE-2024-50590

Local Privilege Escalation via Weak Service Binary Permissions



Description

Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1", which is writable by all users. In addition, the Elefant installer registers two Firebird database services which run as "NT AUTHORITY\SYSTEM":

Path: C:\Elefant1\Firebird_2\bin\fbserver.exe
Path: C:\Elefant1\Firebird_2\bin\fbguard.exe

Both service binaries are user writable. This means that a local attacker can rename one of the service binaries, replace the service executable with a new executable, and then restart the system. Once the system has rebooted, the new service binary is executed as "NT AUTHORITY\SYSTEM".
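To check whether a host is in the state described above, the following PowerShell audit lists write-capable ACL entries for low-privileged groups on the install directory and the service binaries. It is an added example, not code from the advisory or the vendor; the list of low-privileged SIDs and the choice of "write-capable" rights bits are assumptions of this example.

```powershell
# Added audit example, not vendor or SEC Consult code.
$installDir = 'C:\Elefant1'   # default install directory named in the advisory
$targets = @($installDir,
    "$installDir\Firebird_2\bin\fbserver.exe",
    "$installDir\Firebird_2\bin\fbguard.exe")

# Also pick up any other service whose binary lives under the install directory.
$services = Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -like "*$installDir\*" }
foreach ($svc in $services) {
    # PathName may be quoted and carry arguments; keep only the executable path.
    if ($svc.PathName -match '^"?([^"]+?\.exe)') { $targets += $Matches[1] }
}

# Well-known SIDs of low-privileged groups (assumed list; names are localized, SIDs are not).
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights bits that allow replacing, renaming or re-ACLing a file, or adding files to a folder.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# ACEs can also carry raw generic bits that the enum has no name for.
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

$sidType = [System.Security.Principal.SecurityIdentifier]
$findings = foreach ($path in ($targets | Sort-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $acl = Get-Acl -LiteralPath $path
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $lowPriv.ContainsKey($sid) -and
            ([int]$rule.FileSystemRights -band $writeMask)) {
            [pscustomobject]@{
                Path      = $path
                Principal = $lowPriv[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Service account per matching service, then every weak ACL entry found.
$services | Select-Object Name, StartName, PathName | Format-Table -AutoSize
$findings | Format-Table -AutoSize
```

An empty second table means none of the checked paths grants those groups write-type access; any row for a binary whose service shows StartName LocalSystem matches the condition in the description.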

Reserved 2024-10-25 | Published 2024-11-08 | Updated 2024-11-08 | Assigner SEC-VLab

Problem types

CWE-276 Incorrect Default Permissions

CWE-732 Incorrect Permission Assignment for Critical Resource

CWE-250 Execution with Unnecessary Privileges

Product status

Default status: unaffected

<24.04.00: affected

Credits

Tobias Niemann, SEC Consult Vulnerability Lab (finder)

Daniel Hirschberger, SEC Consult Vulnerability Lab (finder)

Florian Stuhlmann, SEC Consult Vulnerability Lab (finder)

References

r.sec-consult.com/hasomed (third-party-advisory)

hasomed.de/produkte/elefant/ (patch)

cve.org (CVE-2024-50590)

nvd.nist.gov (CVE-2024-50590)
