
CVE-2022-26236: Normand Remisol Advance Launcher - Pastebin.com

The default privileges for the running service Normand Remisol Advance Launcher in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.


Oct 1st, 2022 (edited)


CVE-2022-26236: Normand Remisol Advance Launcher

A vulnerability was discovered in the Normand Remisol Advance Launcher in Remisol Advance v2.0.12.1 and below. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or manipulate executables and libraries that run as the elevated SYSTEM user on Windows.

To recreate the conditions for exploitation, do the following:

Step 1: Obtain low-privileged access to a workstation (these workstations are usually protected with a weak password, a default vendor password, or no password).

Step 2: Replace the message server service executable (LauncherService.exe or any associated library used with the service) with a malicious or PoC binary. Note: This service and its executable may be named something else in different regions; please check the services installed in Windows.

Step 3: Restart the machine or service, whichever is more accessible.

Step 4: Your binary will be started as the SYSTEM/NT Authority user.

The fix is simple: correct the permissions so that ordinary users cannot overwrite the service files and make themselves a super admin on the local Windows host.
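A read-only audit for the permission problem described above, as an added example that is not part of the original paste or any vendor material: it lists every Windows service whose executable or install folder is writable by a broad group. The SID list and the selection of rights bits are assumptions of this example.

```powershell
# Added example (not from the paste): read-only audit of service binary ACLs.
# Run from an elevated prompt so every service directory can be read.

# Assumption: these well-known SIDs stand in for "non-privileged users":
# Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'

# Rights bits that allow replacing or altering a file, or planting a library
# beside it, plus raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000)
$writeBits = [int]([System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership') -bor 0x40000000 -bor 0x10000000

$sidType     = [System.Security.Principal.SecurityIdentifier]
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

$findings = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    # Pull the executable path out of the service command line (quoted or unquoted)
    if ($svc.PathName -match '^\s*"([^"]+)"' -or $svc.PathName -match '^\s*(.+?\.exe)') {
        $exe = $Matches[1]
    } else { continue }
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) { continue }

    # Check the binary and its folder, since the service loads libraries from there
    foreach ($target in @($exe, (Split-Path -Path $exe -Parent))) {
        $acl = Get-Acl -LiteralPath $target -ErrorAction SilentlyContinue
        if (-not $acl) { continue }
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            # Inherit-only entries do not apply to the object being inspected
            if ($ace.PropagationFlags.HasFlag($inheritOnly)) { continue }
            if ($ace.AccessControlType -eq 'Allow' -and
                $broadSids -contains $ace.IdentityReference.Value -and
                ([int]$ace.FileSystemRights -band $writeBits)) {
                [pscustomobject]@{
                    Service = $svc.Name
                    RunsAs  = $svc.StartName
                    Path    = $target
                    Sid     = $ace.IdentityReference.Value
                    Rights  = $ace.FileSystemRights
                }
            }
        }
    }
}

$findings | Sort-Object Service, Path | Format-Table -AutoSize
```

An empty result means none of the listed groups can modify a service binary or its folder; any row for a service that runs as LocalSystem matches the condition this advisory describes.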
