Privilege Escalation

SSD Advisory – Windows Installer Elevation of Privileges Vulnerability

TL;DR Vulnerability in Windows Installer allows local users to gain elevated SYSTEM privileges in Windows. Vulnerability Summary Windows Installer is a software component and application programming interface of Microsoft Windows used for the installation, maintenance, and removal of software. Windows Installer suffers from a local privilege escalation allowing a local user to gain SYSTEM on …

SSD Advisory – Windows Installer Elevation of Privileges Vulnerability Read More »

SSD Advisory – Aegir with Apache LPE

TL;DR Find out how we exploited a behavior of Apache while using the limited rights of Aegir user to gain root access. Vulnerability Summary Aegir is a free and open source Unix based web hosting control panelprogram for Application lifecycle management that provides a graphical interface designed to simplify deploying and managing Drupal, WordPress and CiviCRM …

SSD Advisory – Aegir with Apache LPE Read More »

SSD Advisory – Mimosa Routers Privilege Escalation and Authentication bypass

TL;DR Find out how we exploited Mimosa Router’s web interface vulnerability and gained root access. Vulnerability Summary Mimosa Networks is the global technology leader in wireless broadband solutions, delivering fiber-fast connectivity to service providers and enterprise, industrial and government operators worldwide. A vulnerability in Mimosa devices/routers leads to an authentication bypass/ privilege escalation by executing …

SSD Advisory – Mimosa Routers Privilege Escalation and Authentication bypass Read More »

SSD Advisory – Intel Windows Graphics Driver Buffer Overflow to Privilege Escalation

IntroductionSince 2014, Intel is dominating the PC market as the leading graphics chip vendor worldwide with ~70% market share. With this overwhelming amount of units, any vulnerabilities found are bound to make an impact. Read below on how our team gained system access using an Intel’s graphics driver privilege escalation vulnerability. System access vulnerabilities and …

SSD Advisory – Intel Windows Graphics Driver Buffer Overflow to Privilege Escalation Read More »

SSD Advisory – Intel Windows Graphics Driver Out of Bounds Read Denial of Service

IntroductionSince 2014, Intel is dominating the PC market as the leading graphics chip vendor worldwide with ~70% market share. With this overwhelming amount of units, any vulnerabilities found are bound to make an impact. Read below on how our team gained system access using an Intel’s graphics driver privilege escalation vulnerability.System access vulnerabilities and others …

SSD Advisory – Intel Windows Graphics Driver Out of Bounds Read Denial of Service Read More »

SSD Advisory – Vesta CP Remote Command Execution To Privilege Escalation

Vulnerabilities SummaryThe following advisory describes a vulnerability in Vesta control panel (VestaCP), an open source hosting control panel, which can be used to manage multiple websites, create and manage email accounts, FTP accounts, and MySQL databases, manage DNS records and more.CVECVE-2019-9859CreditAn independent Security Researcher, 0xecute, has reported this vulnerability to SSD Secure Disclosure program.Affected systemsVestaCP …

SSD Advisory – Vesta CP Remote Command Execution To Privilege Escalation Read More »

SSD Advisory – iOS powerd Uninitialized Mach Message Reply to Sandbox Escape and Privilege Escalation

(This advisory follows up on a vulnerability provided in Hack2Win Extreme competition, that won the iOS Privilege Escalation category in our offensive security event in 2018 in Hong Kong – come join us at TyphoonCon – June 2019 in Seoul for more offensive security lectures and training)Vulnerabilities SummaryThe following advisory describes security bugs discovered in …

SSD Advisory – iOS powerd Uninitialized Mach Message Reply to Sandbox Escape and Privilege Escalation Read More »

SSD Advisory – Cisco ISE Unauthenticated XSS to Privileged RCE

Vulnerabilities SummaryCisco Identity Services Engine (ISE) contains three vulnerabilities that when exploited allow an unauthenticated attacker to achieve root privileges and execute code remotely. The first is a Stored Cross Site Scripting file upload vulnerability that allows the attacker to upload and execute html pages on victims browser. The second is an already known vulnerability …

SSD Advisory – Cisco ISE Unauthenticated XSS to Privileged RCE Read More »

SSD Advisory – SME Server Unauthenticated XSS To Privileged Remote Code Execution

Vulnerabilities SummaryThe following advisory describes a vulnerability in SME Server 9.2, which lets an unauthenticated attackers perform XSS attack that leads to remote code execution as root. SME Server is a Linux distribution for small and medium enterprises by Koozali foundation.CVECVE-2018-18072CreditAn independent security researcher, Karn Ganeshen has reported this vulnerability to Beyond Security’s SecuriTeam Secure …

SSD Advisory – SME Server Unauthenticated XSS To Privileged Remote Code Execution Read More »

SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation

Vulnerabilities Summary Cisco Prime Infrastructure (CPI) contains two vulnerabilities that when exploited allow an unauthenticated attacker to achieve root privileges and execute code remotely. The first vulnerability is a file upload vulnerability that allows the attacker to upload and execute JSP files as the Apache Tomcat user. The second vulnerability is a privilege escalation to …

SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation Read More »

SSD Advisory – IRDA Linux Driver UAF

Vulnerabilities Summary The following advisory describes two vulnerabilities in the Linux Kernel. By combining these two vulnerabilities a privilege escalation can be achieved. The two vulnerabilities are quite old and have been around for at least 17 years, quite a few Long Term releases of Linux have them in their kernel. While the assessment of …

SSD Advisory – IRDA Linux Driver UAF Read More »

?

Get in touch