Security
Headlines
HeadlinesLatestCVEs

Headline

MilleGPG5 5.9.2 Local Privilege Escalation

MilleGPG5 version 5.9.2 suffers from a local privilege escalation vulnerability due to incorrect access controls.

Packet Storm
#vulnerability#web#windows#microsoft#php#nginx#auth
# Exploit Title: MilleGPG5 5.9.2 (Gennaio 2023) - Local Privilege Escalation / Incorrect Access Control# Date: 2023-04-28# Exploit Author: Andrea Intilangelo# Vendor Homepage: https://millegpg.it/# Software Homepage: https://millegpg.it - https://millewin.it/prodotti/governo-clinico-3/# Software Link: https://www.millegpg.it/download/MilleGPGInstall.exe# Version: 5.9.2# Tested on: Microsoft Windows 10 Enterprise x64 22H2, build 19045.2913# CVE: CVE-2023-25438MilleGPG / MilleGPG5 also known as "Governo Clinico 3"Vendor: Millennium S.r.l. / Dedalus Group - Dedalus Italia S.p.a. / Genomedics S.r.l.Affected/tested version: MilleGPG5 5.9.2Summary:Mille General Practice Governance (MilleGPG): an interactive tool to address an effective quality of care through theItalian general practice network.MilleGPG is an innovative IT support for the evaluation and optimization of patient care and intervention processes,complete with new features for the management of the COVID-19 vaccine campaign. It is An irreplaceable "ally" for theGeneral Practitioner, also offering contextual access to the most authoritative scientific content and CME training.Vuln desc:The application is prone to insecure file/folder permissions on its default installation path, wrongly allowing somefiles to be modified by unprivileged users, malicious process and/or threat actor. Attacker can exploit the weaknessabusing the "write" permission of the main application available to all users on the system or network.Details:Any low privileged user can elevate their privileges abusing files/folders that have incorrect permissions, e.g.:C:\Program Files\MilleGPG5\MilleGPG5.exe    (main gui application)C:\Program Files\MilleGPG5\plugin\          (GPGCommand.exe, nginx and php files)C:\Program Files\MilleGPG5\k-platform\      (api and webapp files)such as BUILTIN\Users:(I)(OI)(CI)(R,W) and/or FILE_GENERIC_WRITE, FILE_WRITE_DATA and FILE_WRITE_EA

Related news

CVE-2023-25438: MilleGPG5 5.9.2 Local Privilege Escalation ≈ Packet Storm

An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files.

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution