CVE-2018-18435
CVE-2018-18435
KioWare Server version 4.9.6 and older installs by default to "C:\kioware_com" with weak folder permissions granting any user full permission "Everyone: (F)" to the contents of the directory and it's sub-folders. In addition, the program installs a service called "KWSService" which runs as "Localsystem", this will allow any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a malicious one.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/151031/KioWare-Server-4.9.6-Privilege-Escalation.htmlunverifiedcve_referencewww.exploit-db.com/exploits/46093/unverifiedexploitdbwww.exploit-db.com/exploits/46093unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/151031/KioWare-Server-4.9.6-Privilege-Escalation.htmlhttps://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-002.mdhttps://m.kioware.com/news/kioware-press-releases/kioware_server_security_patch_updatehttps://www.exploit-db.com/exploits/46093/https://www.kioware.com/patch.aspx