CVE-2022-39959 PoC — Panini Everest Engine Code Issue Vulnerability

Source
Associated Vulnerability
Title: Panini Everest Engine Code Issue Vulnerability (CVE-2022-39959)
Description:Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%\Panini\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file.
Description
CVE-2022-39959
Readme
# CVE-2022-39959

###### Affected Vendor - Panini https://www.panini.com/en
###### Affected Product - Panini Everest Engine
###### Affected Version - 2.0.4

There is an unquoted service path in Everest Engine (EverestEngine.exe) version **2.0.4** on Windows. This allows an unprivileged local user to place arbitrary code on the unquoted service path and escalate privileges to SYSTEM.


**File Path:** C:\ProgramData\Panini\Everest Engine
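
The audit sketch below is an added example, not part of the original README or of any Panini code. It takes service `ImagePath` strings and lists the paths Windows tries before the intended binary when the value is unquoted. The sample service table is constructed (only the Everest Engine path comes from the advisory), and the names `earlier_candidates` and `audit` are hypothetical.

```python
import ntpath
import re

# Constructed sample: service name -> ImagePath string as read from the registry.
# Only the EverestEngine path is from the advisory; the others are made up.
SAMPLE_SERVICES = {
    "EverestEngine": r"C:\ProgramData\Panini\Everest Engine\EverestEngine.exe",
    "QuotedSvc": r'"C:\Program Files\Vendor App\svc.exe" -run',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

def earlier_candidates(image_path):
    """Paths Windows tries before the intended binary, in order.

    An unquoted command line is split at each space, and every prefix is
    tried as an executable (".exe" appended when it has no extension).
    """
    path = image_path.strip()
    if path.startswith('"'):
        return []  # quoted: the executable name is unambiguous
    # Keep only the executable part; arguments after ".exe" are not path text.
    m = re.match(r"(.+?\.exe)(?=\s|$)", path, re.IGNORECASE)
    exe = m.group(1) if m else path
    found = []
    for i, ch in enumerate(exe):
        if ch != " ":
            continue
        prefix = exe[:i]
        if "." not in ntpath.basename(prefix):
            prefix += ".exe"
        found.append(prefix)
    return found

def audit(services):
    """Map each service with an ambiguous ImagePath to its earlier candidates."""
    report = {}
    for name, image_path in services.items():
        hits = earlier_candidates(image_path)
        if hits:
            report[name] = hits
    return report

if __name__ == "__main__":
    for name, hits in audit(SAMPLE_SERVICES).items():
        print(name, "->", hits)
```

A service reported here is only at risk if an unprivileged user can write to the directory of one of the listed candidates, so those ACLs are the next thing to check. Quoting the `ImagePath` value removes the ambiguity.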


#### Exploit
A file named Everest.exe containing arbitrary code is added to %PROGRAMDATA%\Panini, on the unquoted path. Once the system is rebooted or the service is restarted, the attacker gains SYSTEM privileges.

##### Impact
Escalation to System Privileges


