Best Practice: Intel Unquoted Service Path

31 July 2019

Affected Software

Intel Management Interface <= 1815.12.0.2021

Issue

In my last assessment I discovered an unquoted service path in the Intel Management Engine Interface. In general this can lead to privilege escalation on a system if the service is running with higher privileges and we (an unprivileged user) have write permissions along the installation path of the executable (howTo).

In this case the service was running as Local System (yeah!), but unfortunately we didn't have any write permissions in the necessary folders.
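
A read-only audit for the condition described above, as an added example that is not part of the original post: it lists every path Windows would try for an unquoted service path and flags parent folders where broad groups may create files. The sample service name and path are constructed, and the function names are hypothetical.

```powershell
# Well-known SIDs (locale independent): Everyone, Authenticated Users, BUILTIN\Users
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

function Get-UnquotedPathCandidates {
    param([Parameter(Mandatory)][string]$ImagePath)
    $p = $ImagePath.Trim()
    if ($p.StartsWith('"')) { return @() }      # quoted: parsed unambiguously
    # The executable ends at the first ".exe"; arguments may follow it
    $m = [regex]::Match($p, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return @() }
    $exe = $m.Groups[1].Value
    $candidates = @()
    # Each space-delimited prefix is tried as "<prefix>.exe" before the real path
    $idx = $exe.IndexOf(' ')
    while ($idx -ge 0) {
        $candidates += $exe.Substring(0, $idx) + '.exe'
        $idx = $exe.IndexOf(' ', $idx + 1)
    }
    return $candidates
}

function Test-BroadCreateFile {
    param([string]$Directory)
    if (-not (Test-Path -LiteralPath $Directory -PathType Container)) { return $false }
    $acl = Get-Acl -LiteralPath $Directory
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        # 0x2 = WriteData, which on a directory means "create files"
        if ($r.AccessControlType -eq 'Allow' -and
            $broadSids -contains $r.IdentityReference.Value -and
            ([int]$r.FileSystemRights -band 0x2) -ne 0) { return $true }
    }
    return $false
}

# Constructed sample entry, followed by the services registered on this host
$sample = @([pscustomobject]@{ Name = 'ExampleSvc (constructed)'; StartName = 'LocalSystem'
    PathName = 'C:\Program Files (x86)\Example Vendor\Example App\svc.exe -run' })
$services = $sample + @(Get-CimInstance -ClassName Win32_Service | Select-Object Name, StartName, PathName)
foreach ($svc in $services) {
    if (-not $svc.PathName) { continue }
    foreach ($c in @(Get-UnquotedPathCandidates -ImagePath $svc.PathName)) {
        [pscustomobject]@{
            Service = $svc.Name; RunsAs = $svc.StartName; Candidate = $c
            BroadWrite = Test-BroadCreateFile -Directory (Split-Path -Path $c -Parent)
        }
    }
}
```

A row with `BroadWrite = True` for a service running as LocalSystem is the misconfigured case; the fix in every case is to wrap the executable path in double quotes in the service's ImagePath.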

Report

Even though this isn't a security vulnerability in itself, I decided to report this finding to Intel.
First, it's not difficult to fix, and unquoted service paths are in general not best practice 😉
Second, in misconfigured environments or under some circumstances you could have write permission to some of these folders -> bad!

Intel agreed that this isn't a security vulnerability, but they decided to appreciate it with a voucher (cool!).

Timeline

  • 23.05.19 Vendor informed
  • 29.05.19 Vendor asked for additional information
  • 30.05.19 Vendor sent a voucher via HackerOne
  • 31.05.19 I asked to publish this post
  • 04.06.19 Vendor asked to wait until end of July
  • 31.07.19 Disclosure

Summary

Some companies are taking security very seriously && appreciate the work of researchers (even if the finding is only a best practice advice)!

Note: If you like this little post, you should follow me on Twitter 😉
