10-Strike Bandwidth Monitor version 3.9 services Svc10StrikeBandMontitor, Svc10StrikeBMWD, and Svc10StrikeBMAgent suffer from unquoted service path vulnerabilities.
988460dcd7c34ca37336597a2f2529a94e3d321ba6e6a335123548b0c0e9485b# Exploit Title: Bandwidth Monitor 3.9 - Unquoted Services Paths
# Exploit Author: Bobby Cooke
# Date: 2020-07-15
# Vendor Site: https://www.10-strike.com/
# Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe
# Tested On: Windows 10 - Pro 1909 (x86)
# Version: version 3.9
# Vulnerability Type:
Local Privilege Escalation to LocalSystem by Unquoted Service Path.
# Vulnerability Description:
The 10-Strike Bandwidth Monitor v3.9 services "Svc10StrikeBandMontitor", "Svc10StrikeBMWD", and "Svc10StrikeBMAgent" suffer from unquoted service path vulnerabilities that allow attackers to achieve Privilege Escalation to SYSTEM, at startup, by placing a malicious binary in the truncated service path; such as "C:\Program.exe".
C:\Users\boku>wmic service get name,pathname,startmode,StartName | findstr "10-Strike Bandwidth Monitor"
Svc10StrikeBandMonitor C:\Program Files\10-Strike Bandwidth Monitor\BMsvc.exe Auto LocalSystem
Svc10StrikeBMWD C:\Program Files\10-Strike Bandwidth Monitor\BMWDsvc.exe Auto LocalSystem
Svc10StrikeBMAgent C:\Program Files\10-Strike Bandwidth Monitor Agent\BMAgent.exe Auto LocalSystem
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed