Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

ACTIVE-2021-001: NoMachine for Windows Local Privilege Escalation

Vulnerability Type:

Privilege Escalation

Vendors:

NoMachine S.à r.l.

CVE ID:

N/A

Affected Products:

  • NoMachine for Windows prior to version 6.15.1 and 7.5.2

Summary:

NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.

Mitigation:

The vendor has released a patch in version 6.15.1 and 7.5.2 addressing this vulnerability.

Credit:

This vulnerability was found by Hashim Jawad of ACTIVELabs.

References:

Disclosure Timeline:

  • 05-07-21: ACTIVELabs sent vulnerability details to NoMachine
  • 05-10-21: NoMachine team confirmed they're currently investigating the issue
  • 05-12-21: NoMachine shared patch with ACTIVELabs and requested to test
  • 05-12-21: ACTIVELabs confirmed the patch has nullified the vulnerability and requested patch release date
  • 05-18-21: Patch released in version 6.15.1 and 7.5.2
  • 05-19-21: ACTIVELabs publishes this advisory
  • 05-19-21: ACTIVELabs request CVE from MITRE