We chose to create a bat file in the Users Startup folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\backdoor.bat because we believe it is a good opportunity to present an interesting method we used, in order to bypass restrictions of this arbitrary write where we could control only partially the content. The attacker partially controls the content of the file. The exploitation of this EoP, gives the ability to a low privileged user to create a file anywhere in the system.
The latest version we tested is SEP Version 14(14.2 RU2 MP1) build 5569 (.2100). Known to Neurosoft’s RedyOps Labs since: Īn Elevation of Privilege (EoP) exists in SEP 14.2 RU2.
Assigned CVE: CVE-2020-5837 has been assigned and RedyOps Labs has been publicly acknowledged by the vendor.
0 kommentar(er)
