Privilege Escalation
NoMachine S.à r.l.
N/A
- NoMachine for Windows prior to version 6.15.1 and 7.5.2
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.
The vendor has released a patch in version 6.15.1 and 7.5.2 addressing this vulnerability.
This vulnerability was found by Hashim Jawad of ACTIVELabs.
- https://knowledgebase.nomachine.com/TR05S10236
- https://knowledgebase.nomachine.com/SU05S00224
- https://knowledgebase.nomachine.com/SU05S00223
- 05-07-21: ACTIVELabs sent vulnerability details to NoMachine
- 05-10-21: NoMachine team confirmed they're currently investigating the issue
- 05-12-21: NoMachine shared patch with ACTIVELabs and requested to test
- 05-12-21: ACTIVELabs confirmed the patch has nullified the vulnerability and requested patch release date
- 05-18-21: Patch released in version 6.15.1 and 7.5.2
- 05-19-21: ACTIVELabs publishes this advisory
- 05-19-21: ACTIVELabs request CVE from MITRE