CVE-2024-50590

CVSS V2 None CVSS V3 None

Description

Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. In addition, the Elefant installer registers two Firebird database services which are running as “NT AUTHORITY\SYSTEM”. Path: C:\Elefant1\Firebird_2\bin\fbserver.exe Path: C:\Elefant1\Firebird_2\bin\fbguard.exe Both service binaries are user writable. This means that a local attacker can rename one of the service binaries, replace the service executable with a new executable, and then restart the system. Once the system has rebooted, the new service binary is executed as "NT AUTHORITY\SYSTEM".

Overview

CVE ID
CVE-2024-50590

Assigner
SEC-VLab

Vulnerability Status
PUBLISHED

Published Version
2024-11-08T11:45:04.756Z

Last Modified Date
2024-11-08T15:35:03.204Z

Weakness Enumerations

CWE	URL
CWE-276	http://cwe.mitre.org/data/definitions/276.html
CWE-732	http://cwe.mitre.org/data/definitions/732.html
CWE-250	http://cwe.mitre.org/data/definitions/250.html

References

Reference URL	Reference Tags
https://r.sec-consult.com/hasomed	third-party-advisory
https://hasomed.de/produkte/elefant/	patch

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-50590
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50590

History

Created	Old Value	New Value	Data Type	Notes
2024-11-09 13:26:33				Added to TrackCVE