Best Practise: Intel Unquoted Service Path

Affected Software

Intel Management Interface <= 1815.12.0.2021

Issue

In my last assessment i discovered an unquoted service path in the Intel Management Engine Interface. In general this could lead to privilege escalation on a system, if the service is running with higher privileges and we (unprivileged user) got writing permissions along the installation path of the executable (howTo).

In this case the service was running as local system (yeah!), but unfortunately we didn’t have any writing permissions in the necessary folders.

Report

Even this isn’t a security vulnerability for itself, i decided to report this finding to Intel.
At first it’s not difficult to fix and unquoted service paths are in general not best practise 😉
Second in misconfigured environments or under some circumstances you could have write permission to some of these folders -> bad!

Intel agreed, that this isn’t a security vulnerabilty, but they decided to appreciate it with a voucher (cool!).

Timeline

  • 23.05.19 Vendor informed
  • 29.05.19 Vendor asked for additional information
  • 30.05.19 Vendor send a voucher via Hackerone
  • 31.05.19 I asked to publish this post
  • 04.06.19 Vendor asked to wait until end of July
  • 31.07.19 Disclosure

Summary

Some companies are taking security very seriously && appreciate the work of researchers (even the finding is only an best practise advice)!

Note: If you like this little post, you should follow me on Twitter 😉