Edgemo Local Admin Service Privilege Escalation Vulnerability

A local privilege escalation vulnerability has been identified in Edgemo Local Admin Service version 1.2.7.23180, now owned by Danoffice IT. The issue arises from improper access control in the Windows Communication Foundation (WCF) endpoint of the Local Admin Service. This vulnerability allows a local user to escalate privileges to local administrator by directly communicating with the LocalAdminService.exe named pipe, bypassing client-side group membership restrictions.

Impact

Exploitation of this vulnerability allows any local user to gain administrative privileges on the machine.

Reproduction

The vulnerability can be reproduced by creating a custom client that connects to the WCF service without the required group membership. The client can use the 'Elevate' operation to escalate privileges to local administrator. After sending the elevation request, the client can verify if the elevation was successful by checking the user's administrative status.