Veridium SprintWork Local Privilege Escalation Vulnerability
Vulnerability
A local privilege escalation vulnerability has been identified in Veridium SprintWork version 2.3.1. This vulnerability arises from insecure file, service, and folder permissions on Windows systems, allowing local unprivileged users to exploit missing executable files and weak service configurations. By doing so, they can create a new administrative user and gain complete system access.
Impact
Exploitation of this vulnerability allows local users to execute code with elevated privileges, specifically as the LocalSystem account, and to create new administrative users.
Reproduction
To reproduce this vulnerability, install SprintWork version 2.3.1 (32-bit) on a Windows 10 system and, after installation, create a low-privileged user account. The 'nvlsimw.exe' executable, which is supposed to be created for one of the services installed by SprintWork, is missing, and the folder permissions are insecure. Together these can be exploited by transferring a maliciously crafted executable into the application's directory, which the service will execute with elevated privileges, allowing the creation of a new administrative user.
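The two conditions described above (a service pointing at a missing executable, and a service folder writable by ordinary users) can be audited across every service on a host, not only SprintWork's. The following PowerShell is an added example, not code from the advisory or the vendor; the function names are hypothetical, and the set of "broad" groups and the decision to ignore Deny entries are assumptions of this sketch.

```powershell
# Added audit example, not vendor code. Run from an elevated PowerShell prompt.
# Assumed "broad" principals: Everyone, Authenticated Users, BUILTIN\Users.
$BroadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
# WriteData | AppendData | GENERIC_ALL | GENERIC_WRITE
$WriteBits = 0x2 -bor 0x4 -bor 0x10000000 -bor 0x40000000

function Get-ServiceBinaryPath {
    # Extract the executable from a service command line (quoted or unquoted).
    param([string]$PathName)
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($PathName.Trim() -split '\s+')[0]
}

function Test-BroadWriteAccess {
    # True if an Allow ACE lets a broad group create files in the folder.
    # Simplification: Deny ACEs are not evaluated.
    param([string]$Folder)
    $acl = Get-Acl -LiteralPath $Folder -ErrorAction Stop
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $inheritOnly = [int]$rule.PropagationFlags -band 2   # applies to children only
        if ($rule.AccessControlType -eq 'Allow' -and -not $inheritOnly -and
            $BroadSids -contains $rule.IdentityReference.Value -and
            ([int]$rule.FileSystemRights -band $WriteBits)) { return $true }
    }
    return $false
}

Get-CimInstance Win32_Service | Where-Object PathName | ForEach-Object {
    $svc = $_
    $exe = [Environment]::ExpandEnvironmentVariables((Get-ServiceBinaryPath $svc.PathName))
    $dir = Split-Path -Path $exe -Parent
    $missing  = -not (Test-Path -LiteralPath $exe -PathType Leaf)
    $writable = $false
    if ($dir -and (Test-Path -LiteralPath $dir -PathType Container)) {
        try { $writable = Test-BroadWriteAccess $dir } catch { }   # unreadable ACL: skip
    }
    # Report only services that meet at least one of the two conditions.
    if ($missing -or $writable) {
        [pscustomobject]@{
            Service = $svc.Name; RunsAs = $svc.StartName; Binary = $exe
            BinaryMissing = $missing; FolderWritableByUsers = $writable
        }
    }
} | Format-Table -AutoSize -Wrap
```

A service that runs as LocalSystem and shows both BinaryMissing and FolderWritableByUsers matches the condition this advisory describes; tightening the folder ACL or removing the orphaned service closes it.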
