Vulnerability Description
An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. When using the repair function, the service queries the server for a list of files and their hashes. In addition, instructions to execute binaries to finalize the repair process are included. The executables are executed as "NT AUTHORITY\SYSTEM" after they are copied over to the user writable installation folder (C:\Elefant1). This means that a user can overwrite either "PostESUUpdate.exe" or "Update_OpenJava.exe" in the time frame after the copy and before the execution of the final repair step. The overwritten executable is then executed as "NT AUTHORITY\SYSTEM".
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://hasomed.de/produkte/elefant/
- https://r.sec-consult.com/hasomed
- http://seclists.org/fulldisclosure/2024/Nov/3
FAQ
What is CVE-2024-50592?
CVE-2024-50592 is a vulnerability with a CVSS score of 7.0 (HIGH). An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the...
How severe is CVE-2024-50592?
CVE-2024-50592 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-50592?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.