Ocuco Innovation Privilege Escalation Vulnerability via JOBENTRY.EXE

A privilege escalation vulnerability has been identified in Ocuco Innovation version 2.10.24.51. This vulnerability allows local attackers to gain unauthorized administrative access by manipulating the application's TCP packet interception and modification process. The exploitation bypasses authentication checks, enabling attackers to access sensitive functions within the software.

Impact

Exploitation of this vulnerability could lead to unauthorized administrative access, allowing attackers to manipulate critical data, disrupt normal operations, and potentially cause legal and reputational damage.

Reproduction

To reproduce this vulnerability, intercept TCP packets while logged into the Ocuco Innovation software with administrative privileges. Modify the intercepted packets by replacing certain bytes with whitespace characters. This manipulation triggers an access violation error, which can be exploited to bypass authentication requirements. Once the access controls are bypassed, the software can be used as an administrator, with the ability to create new administrative users or access other sensitive functions without authorization.

Remediation

It is recommended to restrict network access to this software to authorized users only until a patched version is available. Additionally, implementing stronger authentication mechanisms, using encrypted communication channels, and conducting regular security audits can help mitigate this vulnerability.