Total AV 4.6.19 Insecure Permissions

2018.07.14
Risk: Low
Local: Yes
Remote: No
CWE: CWE-275


CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

=====[ Tempest Security Intelligence - ADV-23/2018 ]=== Total AV 4.1.7 ~ 4 .6.19 - Insecure Permissions ------------------------------------------------------- Author: - Filipe Xavier Oliveira: < filipe.xavier () tempest.com.br <http://tempest.com.br/> =====[ Table of Contents ]===================================================== * Overview * Detailed description * Timeline of disclosure * Thanks & Acknowledgements * References =====[ Overview ]============================================================== * System affected : Total AV [1] * Software Version : 4.1.7 ~ 4 .6.19. Other versions or models may also be affected. * Impact : A malware could overwrite originals files to do persistence or elevate privileges, because the installation folder gives full access to any user on the system. =====[ Detailed description ]================================================== A vulnerability allows local attackers to escalate privilege on TotalAV because of weak "C:\Program Files\TotalAV" permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM. The TotalAV installation folder permissions: C:\Program Files>icacls TotalAV TotalAV BUILTIN\Users:(OI)(CI)(F) Everyone:(OI)(CI)(F) NT SERVICE\TrustedInstaller:(I)(F) NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F) NT AUTHORITY\SYSTEM:(I)(F) NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F) BUILTIN\Administrators:(I)(F) BUILTIN\Administrators:(I)(OI)(CI)(IO)(F) BUILTIN\Users:(I)(RX) BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE) CREATOR OWNER:(I)(OI)(CI)(IO)(F) =====[ Timeline of disclosure ]=============================================== 06/28/2018 - Vendor was informed of the vulnerability, but the contact form on the site does not seem to work. 07/12/2018 - The vendor was contacted again but did not respond. 07/12/2018 - CVE assigned [2] 07/12/2018 - Advisory publication date. =====[ Thanks & Acknowledgements ]============================================ - Tempest Security Intelligence / Tempest's Pentest Team [3] =====[ References ]=========================================================== [1] - https://www.totalav.com/ [2] - https://cve.mitre.org/cgi-bin/cvename.cgi?name= <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5313>CVE-2018-7535 [3] http://www.tempest.com.br/ -- Filipe Oliveira Tempest Security Intelligence


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top