CVE-2024-28589 PoC — Axigen 安全漏洞

Source

https://github.com/Alaatk/CVE-2024-28589

Associated Vulnerability

Title:Axigen 安全漏洞 (CVE-2024-28589)
Description:An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before, allows local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from a world-writable directory during service initialization.

Description

Local Privilege Escalation Vulnerability on Axigen for Windows

Readme

# CVE-2024-28589
A vulnerability has been discovered in Axigen Mail Server for Windows, affecting all versions up to 10.5.18, which allows for local privilege escalation.

### Description:
The Axigen Mail Server was found to be vulnerable to a local privilege escalation due to insecure DLL loading from a world-writable directory. During the service initiation of "Axigen Mail Server," which operates with SYSTEM privileges, it searches for a non-existent directory. An attacker with local access can create this directory and place a malicious DLL file in it. When the service starts, it attempts to load all DLL files in this directory, allowing the attacker's code to execute with SYSTEM privileges.

### Affected versions
Axigen 10.x up to 10.5.18

fixed starting with 10.5.19

### Impacted service(s)
Service Name: Axigen Mail Server


### DLL loaded from world-writable directory 
![Alt text](https://raw.githubusercontent.com/Alaatk/CVE-2024-28589/main/DLL-load.jpg)

#### Discovered by: 
* Alaa Kachouh
* Ali Jammal of Deloitte Netherlands

File Snapshot


 [4.0K]  /data/pocs/aca194d0f76976f5365a15da591a7f85c8252ac7
├── [166K]  DLL-load.jpg
└── [1.0K]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!