CVE-2024-28589 PoC — Axigen Security Vulnerability

Source
Associated Vulnerability
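Title: Axigen Security Vulnerability (CVE-2024-28589)
Description: Axigen is a mail server from Axigen with groupware and collaboration features. Axigen 10.5.18 and earlier contain a security vulnerability that allows a local low-privileged attacker to execute arbitrary code and escalate privileges by loading an insecure DLL from a world-writable directory during service initialization.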
Description
Local Privilege Escalation Vulnerability on Axigen for Windows
Readme
# CVE-2024-28589
A vulnerability has been discovered in Axigen Mail Server for Windows, affecting all versions up to 10.5.18, which allows for local privilege escalation.

### Description:
The Axigen Mail Server was found to be vulnerable to local privilege escalation due to insecure DLL loading from a world-writable directory. When the "Axigen Mail Server" service, which runs with SYSTEM privileges, starts, it searches for a directory that does not exist. An attacker with local access can create this directory and place a malicious DLL file in it. When the service starts, it attempts to load all DLL files in this directory, allowing the attacker's code to execute with SYSTEM privileges.
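The condition described above can be audited from the defender's side. The following PowerShell is an added example, not part of the original README or of Axigen's code: it takes a directory that a service probes for DLLs, walks up to the nearest ancestor that exists, and reports ACEs that let broad low-privileged groups create the missing directory or write into it. The default path is a placeholder, because the README names the directory only in its screenshot.

```powershell
# Added example (not from the advisory). $CandidatePath is a placeholder:
# substitute the directory seen in your own trace of the service start-up.
param([string]$CandidatePath = 'C:\PLACEHOLDER\service-dll-dir')
# Well-known SIDs of broad, low-privileged principals (locale independent).
$LowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
# Rights that allow creating the missing directory or dropping a file into it.
$Fsr = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($Fsr::CreateDirectories -bor $Fsr::CreateFiles)

function Get-NearestExistingAncestor([string]$Path) {
    # A missing directory inherits its exposure from the closest parent that exists.
    while ($Path -and -not (Test-Path -LiteralPath $Path -PathType Container)) {
        $Path = Split-Path -Path $Path -Parent
    }
    return $Path
}

function Get-LowPrivWriteAce([string]$Directory) {
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    # Inherit-only ACEs do not apply to the folder itself, so they are skipped.
    foreach ($ace in (Get-Acl -LiteralPath $Directory).GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and
            -not $ace.PropagationFlags.HasFlag($inheritOnly) -and
            $LowPrivSids.ContainsKey($sid) -and
            (([int]$ace.FileSystemRights -band $WriteMask) -ne 0)) {
            [pscustomobject]@{
                Directory = $Directory
                Principal = $LowPrivSids[$sid]
                Rights    = $ace.FileSystemRights
            }
        }
    }
}

$target = Get-NearestExistingAncestor $CandidatePath
if (-not $target) { throw "No existing ancestor found for '$CandidatePath'" }
$findings = @(Get-LowPrivWriteAce $target)
if ($findings.Count -gt 0) {
    Write-Warning "Low-privileged users can create or write under '$target'"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No broad create/write ACE found on '$target'"
}
```

A finding on the nearest existing ancestor means a standard user could create the missing directory the service looks for; a finding on the directory itself means it already exists and is writable.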

### Affected versions
Axigen 10.x up to 10.5.18

Fixed starting with 10.5.19.

### Impacted service(s)
Service Name: Axigen Mail Server


### DLL loaded from world-writable directory 
![Alt text](https://raw.githubusercontent.com/Alaatk/CVE-2024-28589/main/DLL-load.jpg)

#### Discovered by: 
* Alaa Kachouh
* Ali Jammal of Deloitte Netherlands
File Snapshot

[4.0K] /data/pocs/aca194d0f76976f5365a15da591a7f85c8252ac7
├── [166K] DLL-load.jpg
└── [1.0K] README.md

0 directories, 2 files