Andrew Oliveau

9 exploits Active since Jul 2023
CVE-2023-27470 NOMISEC HIGH WORKING POC
N-able Take Control < 7.0.43 - Arbitrary File Deletion via TOCTOU Race Condition in BASupSrvcUpdater.exe
BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion.
11 stars
CVSS 7.0
CVE-2023-26077 WRITEUP HIGH WRITEUP
Atera Agent <1.8.3.6 - Path Traversal
Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions.
CVSS 7.8
CVE-2023-26078 WRITEUP HIGH WRITEUP
Atera Agent <1.8.4.4 - Privilege Escalation
Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs.
CVSS 7.8
CVE-2023-27470 WRITEUP HIGH WRITEUP
N-able Take Control < 7.0.43 - Arbitrary File Deletion via TOCTOU Race Condition in BASupSrvcUpdater.exe
BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion.
CVSS 7.0
CVE-2023-26603 WRITEUP MEDIUM WRITEUP
JumpCloud Agent <1.178.0 - Privilege Escalation
JumpCloud Agent before 1.178.0 Creates a Temporary File in a Directory with Insecure Permissions. This allows privilege escalation to SYSTEM via a repair action in the installer.
CVSS 5.9
CVE-2023-3181 WRITEUP HIGH WRITEUP
Splashtop Software Updater < - DLL Hijacking
The C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe process creates a folder at C:\Windows\Temp~nsu.tmp and copies itself to it as Au_.exe. The C:\Windows\Temp~nsu.tmp\Au_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI repair using Splashtop Streamer’s Windows Installer. Since the C:\Windows\Temp~nsu.tmp folder inherits permissions from C:\Windows\Temp and Au_.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.
CVSS 7.8
CVE-2023-37243 WRITEUP HIGH WRITEUP
System Reboot - Privilege Escalation
The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability folder inherits permissions from C:\Windows\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.
CVSS 7.8
CVE-2023-37244 WRITEUP MEDIUM WRITEUP
n-able Automation Manager < 2.91.0.0 - Arbitrary File Deletion via TOCTOU Race Condition
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0
CVSS 5.3
CVE-2023-6080 WRITEUP HIGH WRITEUP
Lakeside SysTrack LsiAgent Installer 10.7.8-10.9.9 - Local Privilege Escalation via Insecure File Permissions
Lakeside Software’s SysTrack LsiAgent Installer version 10.7.8 for Windows contains a local privilege escalation vulnerability which allows attackers SYSTEM level access.
CVSS 7.8