CVE-2024-50591

Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

Published: Nov 8, 2024 / Updated: 11d ago

010
CVSS 7.8EPSS 0.04%High
CVE info copied to clipboard

An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update Service. The command injection can be exploited by communicating with the Elefant Update Service which is running as "SYSTEM" via Windows Named Pipes.The Elefant Software Updater (ESU) consists of two components. An ESU service which runs as "NT AUTHORITY\SYSTEM" and an ESU tray client which communicates with the service to update or repair the installation and is running with user permissions. The communication is implemented using named pipes. A crafted message of type "MessageType.SupportServiceInfos" can be sent to the local ESU service to inject commands, which are then executed as "NT AUTHORITY\SYSTEM".

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-50591

Nov 8, 2024 at 12:15 PM
First Article

Feedly found the first article mentioning CVE-2024-50591. See article

Nov 8, 2024 at 12:21 PM / Vulners.com RSS Feed
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Nov 8, 2024 at 12:21 PM
CVSS

A CVSS base score of 7.8 has been assigned.

Nov 8, 2024 at 4:41 PM / nvd
EPSS

EPSS Score was set to: 0.04% (Percentile: 10%)

Nov 9, 2024 at 9:56 AM
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 11, 2024 at 7:45 PM
Static CVE Timeline Graph

Affected Systems

Elefantcms/elefant
+null more

Attack Patterns

CAPEC-136: LDAP Injection
+null more

News

US-CERT Vulnerability Summary for the Week of November 4, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High : vulnerabilities with a CVSS base score of 7.0–10.0 Medium : vulnerabilities with a CVSS base score of 4.0–6.9 Low : vulnerabilities with a CVSS base score of 0.0–3.9 Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available.
Vulnerability Summary for the Week of November 4, 2024
High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source Info 1000 Projects--Beauty Parlour Management System A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. This issue affects some unknown processing of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-11-10 7.3 CVE-2024-11055 1000 Projects--Bookstore Management System A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /contact_process.php. The manipulation of the argument fnm leads to sql injection. The attack can be launched remotely.
HASOMED Elefant / Elefant Software Updater Data Exposure / Privilege Escalation
Authored by Daniel Hirschberger , Florian Stuhlmann Site sec-consult.com HASOMED Elefant versions prior to 24.04.00 and Elefant Software Updater versions prior to 1.4.2.1811 suffer from having an unprotected exposed firebird database, unprotected FHIR API, multiple local privilege escalation, and hardcoded service password vulnerabilities. advisories CVE-2024-50588, CVE-2024-50589, CVE-2024-50590, CVE-2024-50591, CVE-2024-50592, CVE-2024-50593
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
4) Local Privilege Escalation via Command Injection (CVE-2024-50591) An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update Service. 5) Local Privilege Escalation via Race Condition (CVE-2024-50592) An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
4) Local Privilege Escalation via Command Injection (CVE-2024-50591) An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update Service. 5) Local Privilege Escalation via Race Condition (CVE-2024-50592) An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process.
See 10 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI