Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2017060127

Below is a copy:

APC UPS Daemon <= 3.14.14 Local Privilege Escalation[+] Credits: fragsh3ll aka v
[+] Contact: https://twitter.com/fragsh3ll


APC UPS Daemon <= 3.14.14

Vulnerability Type
Privilege Escalation

Vendor Description
Apcupsd can be used for power mangement and controlling most of APCs UPS
models on Unix and Windows machines. Apcupsd works with most of APCs
Smart-UPS models as well as most simple signalling models such a Back-UPS,
and BackUPS-Office. During a power failure, apcupsd will inform the users
about the power failure and that a shutdown may occur. If power is not
restored, a system shutdown will follow when the battery is exhausted, a
timeout (seconds) expires, or runtime expires based on internal APC
calculations determined by power consumption rates. Apcupsd is licensed
under the GPL version 2.

CVE Reference

Vulnerability Details
The default installation of APCUPSD allows a local unprivileged user to run
arbitrary code with elevated privileges by replacing the service executable
apcupsd.exe with a malicious executable, which will run with SYSTEM
privileges at startup.

  RW BUILTIN\Administrators
  RW NT AUTHORITY\Authenticated Users

1) Install the application with default settings.

2) Replace the service executable located at C:\apcupsd\bin\apcupsd.exe
with an executable of your choice.

3) Restart the service or computer, the executable will run.

Disclosure Timeline:
4/17/17 - Vendor notified
4/17/17 - Vendor acknowledged
5/6/17 - Vendor still working
6/5/17 - No response
6/14/17 - No response
6/15/17 - Public disclosure

Copyright ©2017 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.