Main Vulnerability Database SB2017062008

SB2017062008 - Privilege escalation in Apcupsd

Published: June 20, 2017

Security Bulletin ID SB2017062008

CSH Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Privilege escalation (CVE-ID: CVE-2017-7884)

The vulnerability allows a local authenticated unprivileged attacker to gain elevated privileges on the target system.

The weakness exists due to insecure default permissions to installation directory of APCUPSD. A local attacker can replace the 'C:\apcupsd\bin\apcupsd.exe' executable with an arbitrary file and execute arbitrary code with system level privileges at startup.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

http://seclists.org/fulldisclosure/2017/Jun/20