Vulnerability Description
Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. In addition, the Elefant installer registers two Firebird database services which are running as “NT AUTHORITY\SYSTEM”. Path: C:\Elefant1\Firebird_2\bin\fbserver.exe Path: C:\Elefant1\Firebird_2\bin\fbguard.exe Both service binaries are user writable. This means that a local attacker can rename one of the service binaries, replace the service executable with a new executable, and then restart the system. Once the system has rebooted, the new service binary is executed as "NT AUTHORITY\SYSTEM".
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://hasomed.de/produkte/elefant/
- https://r.sec-consult.com/hasomed
- http://seclists.org/fulldisclosure/2024/Nov/3
FAQ
What is CVE-2024-50590?
CVE-2024-50590 is a vulnerability with a CVSS score of 7.8 (HIGH). Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permission...
How severe is CVE-2024-50590?
CVE-2024-50590 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-50590?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.