CVE-2017-7884: Uncontrolled Search Path Element in APC UPS Daemon

Severity: 8.4 HIGH (NVD)
EPSS: 0.0% (top 86.99%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
  Published: Jun 16
  Latest update: May 13

Description

In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges by replacing the service executable apcupsd.exe with a malicious executable that will run with SYSTEM privileges at startup. This occurs because of "RW NT AUTHORITY\Authenticated Users" permissions for %SYSTEMDRIVE%\apcupsd\bin\apcupsd.exe.
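A defender-side check for the weak ACL the description names, added here as an example that is not part of the advisory or the apcupsd project: it reads the ACL on the installed apcupsd.exe and reports any ACE that grants a broad group (Authenticated Users, Users, Everyone) write, modify, delete or full-control rights. The default path is the one in the description; the function name, the group list and the remediation command in the trailing comment are my own assumptions.

```powershell
# Added example (not from the advisory): audit the ACL on apcupsd.exe for the
# "RW NT AUTHORITY\Authenticated Users" condition described in CVE-2017-7884.
function Test-ApcupsdBinaryAcl {
    param(
        # Default path taken from the CVE description; adjust for non-default installs.
        [string]$Path = (Join-Path $env:SystemDrive 'apcupsd\bin\apcupsd.exe')
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Not found: $Path"
        return $null
    }

    # Broad principals that should never be able to overwrite a SYSTEM service binary.
    $broadGroups = @('NT AUTHORITY\Authenticated Users', 'BUILTIN\Users', 'Everyone')

    # Rights that allow replacing or altering the file contents.
    $writeRights = [int]([System.Security.AccessControl.FileSystemRights]::Write -bor
                         [System.Security.AccessControl.FileSystemRights]::Modify -bor
                         [System.Security.AccessControl.FileSystemRights]::FullControl -bor
                         [System.Security.AccessControl.FileSystemRights]::Delete)

    $acl = Get-Acl -LiteralPath $Path
    $findings = foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($broadGroups -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeRights) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited   # inherited ACEs point at the parent directory ACL
        }
    }

    if (-not $findings) { Write-Output "OK: no broad write access on $Path" }
    return $findings
}

# Each returned object is a finding. A remediation starting point (my suggestion,
# not the vendor's) is to restrict the whole apcupsd\bin tree to SYSTEM and
# Administrators for modification, leaving ordinary users read/execute only:
#   icacls "$env:SystemDrive\apcupsd\bin" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" "Users:(OI)(CI)RX"
Test-ApcupsdBinaryAcl
```

Because the description attributes the weakness to the default installation, the same check is worth running against the parent bin directory, since an ACE inherited from it would let a user replace the file even after the file's own ACL is fixed.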

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.5 | Impact: 5.9

Affected Packages: 2 packages

Vulnerability Details (1)

GHSA: GHSA-x543-885p-w95x: In Adam Kropelin adk0212 APC UPS Daemon through 3 (2022-05-13)

Vendor Advisories (1)

Debian: CVE-2017-7884: apcupsd - In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installatio... (2017)