Best Practice: Intel Unquoted Service Path

31. July 2019

Affected Software

Intel Management Interface <= 1815.12.0.2021

Issue

In my last assessment I discovered an unquoted service path in the Intel Management Engine Interface. In general this could lead to privilege escalation on a system, if the service is running with higher privileges and we (unprivileged user) got writing permissions along the installation path of the executable(howTo).

In this case the service was running as local system (yeah!), but unfortunately we didn’t have any writing permissions in the necessary folders.

Report

Even this isn’t a security vulnerability for itself, i decided to report this finding to Intel.
At first it’s not difficult to fix and unquoted service paths are in general not best practice 😉
Second in misconfigured environments or under some circumstances you could have write permission to some of these folders -> bad!

Intel agreed that this isn’t a security vulnerability, but they decided to appreciate it with a voucher (cool!).

Timeline

  • 05/23/19 Vendor informed
  • 29.05.19 Vendor asked for additional information
  • 05/30/19 Vendor send a voucher via Hackerone
  • 05/31/19 I asked to publish this post
  • 04.06.19 Vendor asked to wait until end of July
  • 31.07.19 Disclosure

Summary

Some companies are taking security very seriously && appreciate the work of researchers (even the finding is only a best practice advice)!

Note: If you like this little post, you should follow me on Twitter😉

Similar posts

While doing my preperation for the OSCE i found an exploit for the coolpalyer+ version 2.19.1 from 2009. I decided to [...]

19. February 2018

  Vulnerable software FTP server 8.0f(g) Vulnerability Local Buffer Overflow (SEH protected)-> Code Execution Time Line 01/24/2018 Vendor informed 01/30/2018 [...]

20. February 2018

CVE CVE-2018-16231 Vulnerable software FTP server <= 8.4f Vulnerability Remote denial of service Timeline 30.01.2018 Seller informed(also local BO ) [...]

25. August 2018

CVE CVE-2018-7272 Vulnerable software AT 5.0.0, 5.1.0 Vulnerability Unauthorized access Timeline 15.12.2017 Seller informs X.01.2018  Manufacturer has patched vulnerability 24.01.2018 Manufacturer [...]

25. August 2018