Privilege escalation in Apcupsd - CVE-2017-7884
Published: June 20, 2017 / Updated: June 20, 2017
Vulnerability identifier: #VU7132
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7884
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Apcupsd Project
Affected software:
Apcupsd
Detailed vulnerability description
The vulnerability allows a local authenticated unprivileged attacker to gain elevated privileges on the target system.
The weakness exists due to insecure default permissions on the APCUPSD installation directory. A local attacker can replace the 'C:\apcupsd\bin\apcupsd.exe' executable with an arbitrary file and execute arbitrary code with system-level privileges at startup.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-7884
Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.
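Whether a given host has the permissions weakness described above can be checked by auditing the ACLs on the installation directory. The PowerShell below is an added example, not part of the original advisory or the Apcupsd project; the install root 'C:\apcupsd' is derived from the path in the description, and the list of SIDs treated as trusted is an assumption to adjust per site.

```powershell
param(
    [string]$InstallDir = 'C:\apcupsd'   # install root, from the path in the advisory
)

# Assumption: only these well-known SIDs should hold write access.
$TrustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Specific rights that allow replacing a file or rewriting its ACL or owner.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can appear unmapped in ACEs.
$GenericMask = 0x50000000
$InheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-WeakAce {
    param([string]$Path)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs do not apply to this object; children are checked themselves.
        if ($ace.PropagationFlags -band $InheritOnly) { continue }
        $raw = [int]$ace.FileSystemRights
        if (-not (($raw -band $WriteMask) -or ($raw -band $GenericMask))) { continue }
        # Compare by SID so the check works on localized Windows installs.
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # unresolvable account: report as-is
        }
        if ($TrustedSids -contains $sid) { continue }
        [pscustomobject]@{
            Path      = $Path
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Check the directory itself and everything under it, including bin\apcupsd.exe.
$targets  = @($InstallDir) + @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force | ForEach-Object { $_.FullName })
$findings = @(foreach ($t in $targets) { Get-WeakAce -Path $t })
if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap } else {
    "No write-capable ACEs for untrusted principals under $InstallDir"
}
```

Rows with Inherited set to True come from the ACL of a parent object, so correcting them means breaking inheritance on the installation directory or fixing the parent.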