ACTIVE-2021-001: NoMachine for Windows Local Privilege Escalation

Vulnerability Type:

Privilege Escalation

Vendors:

NoMachine S.à r.l.

CVE ID:

N/A

Affected Products:

  • NoMachine for Windows versions prior to 6.15.1 and 7.5.2

Summary:

NoMachine for Windows versions prior to 6.15.1 and 7.5.2 suffer from local privilege escalation due to a lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL hijacking via any writable directory listed in the system PATH and ultimately execute code as NT AUTHORITY\SYSTEM.

Mitigation:

The vendor has released a patch in versions 6.15.1 and 7.5.2 that addresses this vulnerability.
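
The precondition named in the summary, a directory on the system PATH that non-privileged users can write to, can be audited independently of the patch. The PowerShell below is an added example, not part of the original advisory or the vendor's guidance; the list of trusted SIDs is an assumption to adjust per environment, and Deny ACEs and group membership are not evaluated.

```powershell
# Added example: list machine-wide PATH directories where a principal outside
# the trusted set holds an Allow ACE that permits creating files.

# Assumption: these well-known SIDs are the only writers considered trusted.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)

# CreateFiles (WriteData) lets a principal add a file to a directory; the two
# generic bits cover ACEs stored with unmapped GENERIC_WRITE / GENERIC_ALL.
$createFiles  = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
$genericWrite = 0x40000000
$genericAll   = 0x10000000
$writeMask    = $createFiles -bor $genericWrite -bor $genericAll

$sidType     = [System.Security.Principal.SecurityIdentifier]
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')

$findings = foreach ($entry in ($machinePath -split ';')) {
    $dir = [Environment]::ExpandEnvironmentVariables($entry.Trim().Trim('"'))
    # Empty and non-existent entries are skipped; only real directories are checked.
    if (-not $dir -or -not (Test-Path -LiteralPath $dir -PathType Container)) { continue }

    $acl = Get-Acl -LiteralPath $dir
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to children, not to the directory itself.
        if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }

        [pscustomobject]@{
            Directory = $dir
            Sid       = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
        }
    }
}

$findings | Sort-Object Directory, Sid | Format-Table -AutoSize
```

An empty result means no PATH directory grants file creation to a principal outside the trusted list; any row is a directory whose ACL should be tightened or whose PATH entry should be removed.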

Credit:

This vulnerability was found by Hashim Jawad of ACTIVELabs.

References:

Disclosure Timeline:

  • 05-07-21: ACTIVELabs sent vulnerability details to NoMachine
  • 05-10-21: NoMachine team confirmed they're currently investigating the issue
  • 05-12-21: NoMachine shared patch with ACTIVELabs and requested to test
  • 05-12-21: ACTIVELabs confirmed the patch has nullified the vulnerability and requested patch release date
  • 05-18-21: Patch released in versions 6.15.1 and 7.5.2
  • 05-19-21: ACTIVELabs publishes this advisory
  • 05-19-21: ACTIVELabs requests a CVE from MITRE