Title: Ross Video DashBoard 8.5.1 Insecure Permissions
Advisory ID: ZSL-2019-5516
Type: Local
Impact: Privilege Escalation
Risk: 2/5
Release Date: 23.04.2019

Summary: DashBoard is a free and open platform from Ross Video for facility control and monitoring. It allows users to build unique, tailored Custom Panels that simplify complex operations.

Description: DashBoard suffers from a privilege escalation vulnerability that an ordinary authenticated user can exploit to replace the executable file with a binary of their choice. The vulnerability exists due to improper permissions: the 'M' (Modify) or 'C' (Change) flag is set for the 'Authenticated Users' group.

Vendor: Ross Video Ltd. - https://www.rossvideo.com
Affected Version: 8.5.1
Tested On: Microsoft Windows 7 Professional SP1 (EN)
Vendor Status: N/A
PoC: rossdashboard_eop.txt
Credits: Vulnerability discovered by Gjoko Krstic

References:
[1] https://www.exploit-db.com/exploits/46742
[2] https://packetstormsecurity.com/files/152601
[3] https://cxsecurity.com/issue/WLB-2019040215
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/160043

Changelog:
[23.04.2019] - Initial release
[24.04.2019] - Added reference [1], [2], and [3]
[01.05.2019] - Added reference [4]

Contact:
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
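
A defender-side check for the permission weakness named in the Description, added here as an example (it is not part of the advisory or its PoC): it parses ACL listings in icacls/cacls notation and reports entries that give a broad group a write-capable right. The install path, file names and ACL listing are constructed placeholders, and the English principal names are an assumption.

```python
import re

# Groups that contain every ordinary logged-on user (English names: assumption).
BROAD = r"(?:NT AUTHORITY\\Authenticated Users|NT AUTHORITY\\INTERACTIVE|BUILTIN\\Users|Everyone)"
ACE = re.compile(rf"(?P<who>{BROAD}):(?P<mask>\S+)\s*$")
INHERIT = {"I", "OI", "CI", "IO", "NP"}   # inheritance flags, not access rights
# Rights that allow rewriting or replacing the object. M and F are icacls
# letters, C is the legacy cacls letter for Change; the rest are specific rights.
WRITABLE = {"F", "M", "C", "W", "WD", "AD", "GA", "GW", "WDAC", "WO"}

def audit(acl_text):
    """Return (path, principal, rights) for each allow-entry that lets a broad group write."""
    findings, header = [], ""
    for line in acl_text.splitlines():
        if not line.strip() or line.startswith("Successfully processed"):
            continue
        indented = line[0].isspace()
        if not indented:
            header = line                  # first line of an object: "<path> <first ACE>"
        m = ACE.search(line)
        if not m:
            continue
        rights = set(re.findall(r"[A-Z]+", m["mask"])) - INHERIT
        if "DENY" in rights or not rights & WRITABLE:
            continue                       # deny entries and read-only grants are fine
        # Continuation lines are indented to the column where the ACE list starts.
        col = len(line) - len(line.lstrip()) if indented else m.start()
        findings.append((header[:col].rstrip(), m["who"], sorted(rights & WRITABLE)))
    return findings

# Constructed sample listing (placeholder path, not taken from the advisory).
APP = r"C:\Program Files\ExampleApp\app.exe"
PAD = " " * (len(APP) + 1)
SAMPLE = "\n".join([
    APP + r" BUILTIN\Administrators:(I)(F)",
    PAD + r"NT AUTHORITY\SYSTEM:(I)(F)",
    PAD + r"NT AUTHORITY\Authenticated Users:(I)(M)",
    PAD + r"BUILTIN\Users:(I)(RX)",
    "",
    r"C:\Program Files\ExampleApp\conf.xml BUILTIN\Users:(OI)(CI)C",
    "",
    r"C:\Program Files\ExampleApp\logs Everyone:(DENY)(W)",
    "Successfully processed 3 files; 0 failed processing any files",
])

if __name__ == "__main__":
    for path, who, rights in audit(SAMPLE):
        print(f"{path}: {who} holds {','.join(rights)}")
```

Entries it reports are candidates for tightening to read and execute only for non-administrative groups.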