10-Strike Bandwidth Monitor 3.9 Unquoted Service Path

2020.06.16
Credit: Bobby Cooke
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

# Exploit Title: Bandwidth Monitor 3.9 - Unquoted Services Paths # Exploit Author: Bobby Cooke # Date: 2020-07-15 # Vendor Site: https://www.10-strike.com/ # Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe # Tested On: Windows 10 - Pro 1909 (x86) # Version: version 3.9 # Vulnerability Type: Local Privilege Escalation to LocalSystem by Unquoted Service Path. # Vulnerability Description: The 10-Strike Bandwidth Monitor v3.9 services "Svc10StrikeBandMontitor", "Svc10StrikeBMWD", and "Svc10StrikeBMAgent" suffer from unquoted service path vulnerabilities that allow attackers to achieve Privilege Escalation to SYSTEM, at startup, by placing a malicious binary in the truncated service path; such as "C:\Program.exe". C:\Users\boku>wmic service get name,pathname,startmode,StartName | findstr "10-Strike Bandwidth Monitor" Svc10StrikeBandMonitor C:\Program Files\10-Strike Bandwidth Monitor\BMsvc.exe Auto LocalSystem Svc10StrikeBMWD C:\Program Files\10-Strike Bandwidth Monitor\BMWDsvc.exe Auto LocalSystem Svc10StrikeBMAgent C:\Program Files\10-Strike Bandwidth Monitor Agent\BMAgent.exe Auto LocalSystem


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top