Ross video dashboard 8.5.1 insecure permissions Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2019-04-23 |
Type : local |
Platform : windows
This exploit / vulnerability Ross video dashboard 8.5.1 insecure permissions is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
Ross Video DashBoard 8.5.1 Insecure Permissions
Vendor: Ross Video Ltd.
Product web page: https://www.rossvideo.com
Affected version: 8.5.1
Summary: DashBoard is a free and open platform from Ross Video for facility
control and monitoring that enables users to quickly build unique, tailored
Custom Panels that make complex operations simple.
Desc: DashBoard suffers from an elevation of privileges vulnerability which
can be used by a simple authenticated user that can change the executable file
with a binary of choice. The vulnerability exist due to the improper permissions,
with the 'M' flag (Modify) or 'C' flag (Change) for 'Authenticated Users' group.
Tested on: Microsoft Windows 7 Professional SP1 (EN)
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience