Skip to content

Latest commit

 

History

History
47 lines (38 loc) · 2.08 KB

ACTIVE-2019-002.md

File metadata and controls

47 lines (38 loc) · 2.08 KB

ACTIVE-2019-002: KioWare Server Privilege Escalation Vulnerability

Vulnerability Type:

Privilege Escalation

Vendors:

KioWare

CVE ID:

CVE-2018-18435

Affected Products:

KioWare Server version 4.9.6 and older

Summary:

KioWare Server version 4.9.6 and older installs by default to C:\kioware_com with weak folder permissions granting any user full permission Everyone: (F) to the contents of the directory and it's sub-folders. In addition, the program installs a service called KWSService which runs as Localsystem, this will allow any user to escalate privileges to NT AUTHORITY\SYSTEM by substituting the service's binary with a malicious one.

Mitigation:

Upgrade to KioWare Server version 4.9.9 or install the provided security patch.

Credit:

This vulnerability was found by Hashim Jawad of ACTIVELabs.

References:

Disclosure Timeline:

  • 10-13-18: ACTIVELabs Contacted vendor
  • 10-15-18: Vendor requested full report and PoC
  • 10-15-18: Full report and PoC sent
  • 10-16-18: Vendor was able to reproduce/validate the issue and filed a feature request
  • 10-16-18: ACTIVELabs requested vendor to provide timeline for patch
  • 10-16-18: ACTIVELabs requested CVE ID
  • 10-17-18: CVE-2018-18435 assigned
  • 10-17-18: Vendor requested 90 days timeline to patch/QA test
  • 12-20-18: Vendor sent patch and requested feedback
  • 12-22-18: Suggestions/modifications sent to Vendor
  • 12-24-18: Vendor sent new patch and requested feedback
  • 12-25-18: New Suggestions/modifications sent to Vendor
  • 12-26-18: Vendor sent new patch and requested feedback
  • 12-27-18: Vendor was notified that the latest patch is sufficient
  • 12-31-18: Vendor released new version (v4.9.9) and patch as well
  • 01-07-19: Vulnerability has been made public
  • 03-18-19: ACTIVELabs publishes this advisory