Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrYcdxsbE7835226-1B20-4546-B256-3F625BADB022
HistoryApr 09, 2022 - 5:49 a.m.

ZeroTierOne for windows local privilege escalation because of incorrect directory privilege

2022-04-0905:49:14
ycdxsb
www.huntr.dev
229

0.0004 Low

EPSS

Percentile

5.1%

JSON

Description

When administrators install zerotierone for windows, it will install ZeroTierOneService, the ImagePath of it is C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe,however, the permission of C:\ProgramData\ZeroTier\One\ is incorrect, an attacker with low privilege can get system privilege by this vuln.

Proof of Concept

When administrators install zerotierone for windows, it will install ZeroTierOneService, the ImagePath of it is C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe.

info1

However,the permission of C:\ProgramData\ZeroTier\One\ is incorrect, all Users have write permission of C:\ProgramData\ZeroTier\One and its subdirectories.

info2

When ZeroTierOneService starts, it will try to load some dlls under C:\ProgramData\ZeroTier\One.

info3

So an attacker with low privilege can exploit it and gain a system privilege by dll hijacking because of ZeroTierOneService running as SYSTEM.

Related

nvd 1
cve 1
osv 1
prion 1
cvelist 1
openvas 1
nvd
nvd
CVE-2022-1316
2022-04-11 20:15:18
cve
cve
CVE-2022-1316
2022-04-11 20:15:18
osv
osv
CVE-2022-1316
2022-04-11 20:15:18
prion
prion
Privilege escalation
2022-04-11 20:15:00
cvelist
cvelist
CVE-2022-1316 Incorrect Permission Assignment for Critical Resource in zerotier/zerotierone
2022-04-11 20:05:16
openvas
openvas
osTicket < 1.16.6, 1.17.x < 1.17.3 Multiple XSS Vulnerabilities
2023-03-14 00:00:00

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for E7835226-1B20-4546-B256-3F625BADB022
nvd1cve1osv1prion1cvelist1openvas1