A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows auto-update feature that can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation. Successful exploitation of this issue may allow a low-privileged local user to escalate their privileges to the System user.
Tag: Windows
ASA-2019-00550 – PuTTY: Hijacking sockets used for local port forwarding
On Windows, the listening sockets used for local port forwarding were opened in a mode that did not prevent other processes from also listening on the same ports and stealing some of the incoming connections.
ASA-2019-00545 – BlueStacks: Arbitrary File Read with System admin privilege
BlueStacks employs Android running in a virtual machine (VM) to enable Android apps to run on Windows or MacOS. Bug is in a local arbitrary file read through a system service call. The impacted method runs with System admin privilege and if given the file name as parameter returns you the content of file. A malicious app using the affected method can then read the content of any system file which it is not authorized to read.
ASA-2019-00390 – curl: Windows OpenSSL engine code injection
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. This flaw exists in the official curl-for-windows binaries built and hosted by the curl project (all versions up to and including 7.65.1_1). It does not exist in the curl executable shipped by Microsoft, bundled with Windows 10. It possibly exists in other curl builds for Windows too that uses OpenSSL.
ASA-2019-00380 – London Trust Media Private Internet Access: DLL injection vulnerability during the update process
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v1.0 for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The PIA Desktop client is vulnerable to a DLL injection vulnerability during the update process. The updater loads several DLLs from a folder that authenticated users have write access to. A low privileged user can leverage this vulnerability to execute arbitrary code as an administrator.
ASA-2019-00377 – London Trust Media Private Internet Access: Privilege Escalation due to malicious OpenSSL engine
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privilege.
ASA-2019-00338 – Intel PROSet/Wireless WiFi Software: Insufficient access control
Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
ASA-2019-00334 – Intel RAID Web Console 3 for Windows: Insufficient session validation in the service API
Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.