ACTIVE-2020-004: IDrive Local Privilege Escalation

Vulnerability Type:

Privilege Escalation

Vendors:

IDrive Inc.

CVE ID:

CVE-2020-15351

Affected Products:

  • IDrive for Windows prior to version 6.7.3.19

Summary:

IDrive for Windows prior to version 6.7.3.19 installs by default to C:\Program Files (x86)\IDriveWindows with weak folder permissions: the ACE NT AUTHORITY\Authenticated Users:(OI)(CI)(M) grants any user modify permission on the contents of the directory and its sub-folders. In addition, the program installs a service called IDriveService, which runs as Local System. Together, these allow any standard user to escalate privileges to NT AUTHORITY\SYSTEM by substituting the service's binary with a malicious one.
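
A defensive check for the condition described above, added here as an example (it is not ACTIVELabs' or IDrive's code): it parses `icacls` output for a service's install directory and reports allow ACEs that give low-privileged principals write access. The function name `risky_aces` and the sample output are assumptions; only the Authenticated Users ACE is taken from the advisory.

```python
import re

PATH = r"C:\Program Files (x86)\IDriveWindows"
# Constructed icacls output for the vulnerable install. Only the
# Authenticated Users ACE is quoted from the advisory; the rest is assumed.
SAMPLE = r"""
C:\Program Files (x86)\IDriveWindows NT AUTHORITY\Authenticated Users:(OI)(CI)(M)
                                     NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                     BUILTIN\Administrators:(OI)(CI)(F)
                                     BUILTIN\Users:(OI)(CI)(RX)

Successfully processed 1 files; Failed processing 0 files
"""

# Principals present in every standard user's token.
LOW_PRIV = {"everyone", r"builtin\users", r"nt authority\interactive",
            r"nt authority\authenticated users"}
# icacls rights that let the holder add, replace or re-permission files.
WRITE = {"F", "M", "W", "GA", "GW", "WD", "AD", "DC", "WDAC", "WO"}
INHERIT = {"OI", "CI", "IO", "NP", "I"}
ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<groups>(?:\([^)]*\))+)$")


def risky_aces(icacls_output, path):
    """Return (principal, write_rights, inherit_only) for each allow ACE
    that gives a low-privileged principal write access under `path`."""
    findings = []
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()   # first line carries the path
        m = ACE_RE.match(line)
        if not m:
            continue                          # blank line or summary trailer
        groups = re.findall(r"\(([^)]*)\)", m["groups"])
        if "DENY" in groups:
            continue                          # deny ACEs grant nothing
        rights = {r.strip() for g in groups if g not in INHERIT
                  for r in g.split(",")}
        who = m["who"].strip()
        if who.lower() in LOW_PRIV and rights & WRITE:
            # inherit_only (IO): the ACE skips the folder itself but still
            # applies to the files inside it, so it is reported as well.
            findings.append((who, sorted(rights & WRITE), "IO" in groups))
    return findings


if __name__ == "__main__":
    for who, rights, inherit_only in risky_aces(SAMPLE, PATH):
        print(f"{PATH}: {who} has {','.join(rights)} (inherit-only={inherit_only})")
```

An empty result for the install directory of a service that runs as Local System is the expected state after applying the fixed version.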

Mitigation:

The vendor has released a patch in version 6.7.3.19 addressing this vulnerability.

Credit:

This vulnerability was found by Hashim Jawad of ACTIVELabs.

References:

Disclosure Timeline:

  • 06-15-20: ACTIVELabs contacted IDrive support requesting a security contact and PGP key
  • 06-15-20: IDrive support asked that the report be shared with them so they could forward it to the appropriate department
  • 06-16-20: ACTIVELabs sent security vulnerability report
  • 06-18-20: IDrive support shared a patch and asked for it to be tested
  • 06-19-20: ACTIVELabs confirmed the patch has nullified the vulnerability and requested a timeline for patch release
  • 06-22-20: IDrive support stated the patch will be pushed into production by the middle of next week
  • 06-25-20: IDrive version 6.7.3.19 released
  • 06-26-20: ACTIVELabs publishes this advisory
  • 06-26-20: ACTIVELabs requests a CVE from MITRE
  • 06-26-20: CVE-2020-15351 assigned