SOYAL 701Client 9.0.1 Insecure Permissions

2021.03.20
Credit: LiquidWorm
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

SOYAL 701Client 9.0.1 Insecure Permissions Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affected version: 9.0.1 190410 9.0.1 190115 Summary: 701 Client is the user interface software for the access control system. It is used for adding and deleting tokens, setting door groups for access, setting time zones for limiting access and monitoring ingress and egress on a live system, among other things. Desc: The application suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full) for 'Authenticated Users' group. Tested on: Microsoft Windows 10 Enterprise Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2021-5634 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5634.php 25.01.2021 -- C:\Program Files (x86)\701Client>cacls client.exe C:\Program Files (x86)\701Client\client.exe NT AUTHORITY\Authenticated Users:F NT AUTHORITY\Authenticated Users:(ID)F NT AUTHORITY\SYSTEM:(ID)F BUILTIN\Administrators:(ID)F BUILTIN\Users:(ID)R APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(ID)R APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(ID)R C:\Program Files (x86)\701Client>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top