ACTIVE-2021-001: NoMachine for Windows Local Privilege Escalation
Vulnerability Type:
Privilege Escalation
Vendors:
NoMachine S.à r.l.
CVE ID:
N/A
Affected Products:
- NoMachine for Windows prior to version 6.15.1 and 7.5.2
Summary:
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.
Mitigation:
The vendor has released a patch in version 6.15.1 and 7.5.2 addressing this vulnerability.
Credit:
This vulnerability was found by Hashim Jawad of ACTIVELabs.
References:
- https://knowledgebase.nomachine.com/TR05S10236
- https://knowledgebase.nomachine.com/SU05S00224
- https://knowledgebase.nomachine.com/SU05S00223
Disclosure Timeline:
- 05-07-21: ACTIVELabs sent vulnerability details to NoMachine
- 05-10-21: NoMachine team confirmed they're currently investigating the issue
- 05-12-21: NoMachine shared patch with ACTIVELabs and requested to test
- 05-12-21: ACTIVELabs confirmed the patch has nullified the vulnerability and requested patch release date
- 05-18-21: Patch released in version 6.15.1 and 7.5.2
- 05-19-21: ACTIVELabs publishes this advisory
- 05-19-21: ACTIVELabs request CVE from MITRE