NSSM 2.24 Privilege Escalation

NSSM is an open-source service helper. Unlike the native Windows sc.exe, NSSM provides a user-friendly interface and robust monitoring features. It is frequently used in development environments and by DevOps teams to manage web servers, database proxies, and custom scripts as background services.

The Core of the Vulnerability: Insecure File Permissions

Several CVEs have been issued related to privilege escalation through NSSM, primarily stemming from incorrect permission settings on the nssm.exe binary. The most critical of these is detailed below.

A more recent vulnerability identified in products like Phoenix Contact Device and Update Management involves misconfigured permissions on nssm.exe specifically, allowing low-privileged local attackers to gain administrative access.

Furthermore, specific to NSSM 2.24, the tool allows modification of the AppParameters or Application registry values (located under HKLM\SYSTEM\CurrentControlSet\Services\ServiceName\Parameters) without strict integrity checks if the attacker has sufficient privileges to modify the service configuration (often achievable with standard user rights if service permissions are misconfigured).

Vulnerability Summary Table

CVE-2016-8742 Detail - NVD

A conceptual exploitation flow proceeds as follows. In many installations of NSSM 2.24, the privilege escalation path typically follows this logic:

- An attacker gains initial access to a Windows system as a standard, non-administrative user.
- The attacker waits for a reboot or uses wmic service to attempt a restart if they have the rights to do so.

Impact: an authenticated, low-privileged user can achieve full SYSTEM privileges on the affected host. This compromises integrity, confidentiality, and availability.

How to Mitigate NSSM-2.24 Risks

1. Secure File Permissions on nssm.exe and the Wrapped Application

The absolute path to nssm.exe and the application binary it wraps must be strictly protected. Restrict write/modify access for standard users:

icacls "C:\YourServiceDirectory" /inheritance:d
icacls "C:\YourServiceDirectory" /remove "Authenticated Users"
icacls "C:\YourServiceDirectory" /remove "Users"

2. Audit and Restrict Registry Permissions
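The two mitigation steps above (file permissions on nssm.exe and the wrapped application, and permissions on the service's registry keys) can be checked in one pass. The following PowerShell audit is an added example, not code from the original article or from the NSSM project. It assumes an elevated session, that an NSSM service keeps nssm.exe in its ImagePath value and the wrapped program in Parameters\Application, and that the BUILTIN and NT AUTHORITY principal names listed at the top are the ones to treat as low-privileged; it reports any Allow entry that gives such a principal the ability to modify the binaries, their directories, or the service keys.

```powershell
# Added audit example (not from the original article or the NSSM project).
# Assumptions: elevated PowerShell, nssm.exe referenced from the service's ImagePath,
# the wrapped program stored in Parameters\Application, and the principals below are
# the low-privileged identities whose write access should be flagged.

$LowPrivPrincipals = @(
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE',
    'Everyone'
)
# Rights that allow tampering. Generic rights that only appear as raw numbers in the
# enum string are not matched by this simple pattern check.
$WeakFileRights = 'Write|Modify|FullControl|AppendData|ChangePermissions|TakeOwnership|Delete'
$WeakRegRights  = 'SetValue|CreateSubKey|WriteKey|FullControl|ChangePermissions|TakeOwnership|Delete'

function Split-CommandPath {
    # Extract the executable path from an ImagePath-style command line,
    # honouring a quoted path that contains spaces.
    param([string]$CommandLine)
    if ($CommandLine -match '^"([^"]+)"') { return $Matches[1] }
    return ($CommandLine -split ' ')[0]
}

function Get-WeakAces {
    # Emit one record per Allow ACE that grants a low-privileged principal a weak right.
    param([string]$Service, [string]$Path, [string]$WeakRights)
    try { $acl = Get-Acl -Path $Path -ErrorAction Stop }
    catch {
        [pscustomobject]@{ Service = $Service; Path = $Path; Principal = '(unreadable)'; Rights = $_.Exception.Message }
        return
    }
    foreach ($ace in $acl.Access) {
        # File ACEs expose FileSystemRights; registry ACEs expose RegistryRights.
        $rights = if ($null -ne $ace.FileSystemRights) { $ace.FileSystemRights } else { $ace.RegistryRights }
        if ($ace.AccessControlType -eq 'Allow' -and
            $LowPrivPrincipals -contains $ace.IdentityReference.Value -and
            $rights.ToString() -match $WeakRights) {
            [pscustomobject]@{ Service = $Service; Path = $Path; Principal = $ace.IdentityReference.Value; Rights = $rights }
        }
    }
}

function Get-NssmServices {
    # Enumerate services whose ImagePath points at nssm.exe.
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue | ForEach-Object {
        $imagePath = (Get-ItemProperty -Path $_.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        if ($imagePath -and $imagePath -match 'nssm\.exe') { $_.PSChildName }
    }
}

function Test-NssmServiceHardening {
    # Audit file ACLs (nssm.exe, the wrapped application, their directories) and
    # registry ACLs (service key and its Parameters subkey) for one service.
    param([Parameter(Mandatory)][string]$ServiceName)
    $serviceKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    $paramKey   = "$serviceKey\Parameters"

    $imagePath = (Get-ItemProperty -Path $serviceKey -Name ImagePath).ImagePath
    $nssmExe   = Split-CommandPath $imagePath
    $wrapped   = (Get-ItemProperty -Path $paramKey -Name Application -ErrorAction SilentlyContinue).Application

    $fileTargets = @($nssmExe, (Split-Path $nssmExe -Parent))
    if ($wrapped) { $fileTargets += @($wrapped, (Split-Path $wrapped -Parent)) }

    $findings = @()
    foreach ($target in ($fileTargets | Select-Object -Unique)) {
        $findings += @(Get-WeakAces -Service $ServiceName -Path $target -WeakRights $WeakFileRights)
    }
    foreach ($key in @($serviceKey, $paramKey)) {
        $findings += @(Get-WeakAces -Service $ServiceName -Path $key -WeakRights $WeakRegRights)
    }
    $findings
}

# Usage: audit every NSSM-managed service on this host and list the weak ACEs found.
Get-NssmServices | ForEach-Object { Test-NssmServiceHardening -ServiceName $_ } | Format-Table -AutoSize
```

An empty table means no low-privileged principal holds a modify-class right on any of the audited paths or keys; a row naming BUILTIN\Users or Authenticated Users with Modify, FullControl or SetValue is exactly the misconfiguration the article describes and is what the icacls commands in step 1 (and the registry-permission review in step 2) are meant to remove.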