Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Local Privilege Escalation via Config Manipulation
Vulnerability Description
Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions ("nt authority\system"). By changing the server address to a malicious server, or a script simulating a server, the user is able to escalate his privileges by abusing certain features of the "bestinformed Web" server. Those features include: * Pushing of malicious update packages * Arbitrary Registry Read as "nt authority\system" An attacker is able to escalate his privileges to "nt authority\system" on the Windows client running the "bestinformed Infoclient". This attack is not possible if a custom configuration ("Infoclient.ini") containing the flags "ShowOnTaskbar=false" or "DisabledItems=stPort,stAddress" is deployed.
CVSS Information
N/A
Vulnerability Type
系统设置或配置在外部可控制
Vulnerability Title
Cordaware bestinformed 安全漏洞
Vulnerability Description
Cordaware bestinformed是德国Cordaware公司的一套群发通知系统。 Cordaware bestinformed存在安全漏洞,该漏洞源于服务器地址修改权限问题,可能导致本地权限提升至SYSTEM。
CVSS Information
N/A
Vulnerability Type
N/A