0day Today Exploits Market and 0day Exploits Database

10-Strike Bandwidth Monitor 3.9 Unquoted Service Path Vulnerability

Author: Bobby Cooke
Risk: Security Risk Medium
0day-ID: 0day-ID-34564
Category: local exploits
Date add: 16-06-2020
Platform: windows
# Exploit Title:     Bandwidth Monitor 3.9 - Unquoted Services Paths
# Exploit Author:    Bobby Cooke
# Vendor Site:       https://www.10-strike.com/
# Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe
# Tested On:         Windows 10 - Pro 1909 (x86)
# Version:           version 3.9
# Vulnerability Type: 
    Local Privilege Escalation to LocalSystem by Unquoted Service Path.
# Vulnerability Description:
    The 10-Strike Bandwidth Monitor v3.9 services "Svc10StrikeBandMonitor", "Svc10StrikeBMWD", and "Svc10StrikeBMAgent" have unquoted service paths. All three start automatically as LocalSystem, so an attacker can achieve Privilege Escalation to SYSTEM, at startup, by placing a malicious binary at a truncated form of the service path, such as "C:\Program.exe".

C:\Users\boku>wmic service get name,pathname,startmode,StartName | findstr "10-Strike Bandwidth Monitor"
Svc10StrikeBandMonitor    C:\Program Files\10-Strike Bandwidth Monitor\BMsvc.exe          Auto   LocalSystem
Svc10StrikeBMWD           C:\Program Files\10-Strike Bandwidth Monitor\BMWDsvc.exe        Auto   LocalSystem
Svc10StrikeBMAgent        C:\Program Files\10-Strike Bandwidth Monitor Agent\BMAgent.exe  Auto   LocalSystem
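
An audit check for the three service rows above, added here as an example (it is not part of the original advisory or the vendor's software). It lists the paths Windows tries before the real binary when a PathName is unquoted, the directories that therefore must not be writable by non-administrators, and the quoted PathName that removes the ambiguity. Function names are illustrative, and treating the first ".exe" followed by a space as the end of the executable is a simplifying assumption.

```python
import re

# Rows copied from the wmic output on this page: (service name, PathName).
SERVICES = [
    ("Svc10StrikeBandMonitor", r"C:\Program Files\10-Strike Bandwidth Monitor\BMsvc.exe"),
    ("Svc10StrikeBMWD", r"C:\Program Files\10-Strike Bandwidth Monitor\BMWDsvc.exe"),
    ("Svc10StrikeBMAgent", r"C:\Program Files\10-Strike Bandwidth Monitor Agent\BMAgent.exe"),
]

def split_image_path(image_path):
    """Split a service PathName into (executable, arguments, was_quoted)."""
    p = image_path.strip()
    if p.startswith('"'):
        end = p.find('"', 1)
        if end == -1:                      # unbalanced quote: treat the rest as the path
            return p[1:], "", True
        return p[1:end], p[end + 1:], True
    # Unquoted: the executable ends at the first ".exe" followed by a space or end of string.
    m = re.match(r"(.*?\.exe)(?=\s|$)", p, re.IGNORECASE)
    exe = m.group(1) if m else p
    return exe, p[len(exe):], False

def earlier_candidates(exe):
    """Paths tried before `exe` when it is unquoted: every prefix cut at a space, plus .exe."""
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

def audit(name, image_path):
    exe, args, quoted = split_image_path(image_path)
    cands = [] if quoted else earlier_candidates(exe)
    return {
        "service": name,
        "unquoted_with_spaces": bool(cands),
        "candidates": cands,
        # Directories that must not be writable by non-administrators.
        "audit_dirs": sorted({c.rsplit("\\", 1)[0] + "\\" for c in cands}),
        # Remediation: the same PathName with the executable quoted.
        "fixed_path": image_path if quoted else f'"{exe}"{args}',
    }

if __name__ == "__main__":
    for name, path in SERVICES:
        r = audit(name, path)
        print(r["service"], r["unquoted_with_spaces"], r["audit_dirs"])
        print("  fix:", r["fixed_path"])
```

Applying the quoted value to each service's ImagePath closes the issue regardless of directory permissions.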

#  0day.today [2024-09-29]  #