Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-50591
PUBLISHED
More InfoOfficial Page
Assigner-SEC-VLab
Assigner Org ID-551230f0-3615-47bd-b7cc-93e92e730bbf
View Known Exploited Vulnerability (KEV) details
Published At-08 Nov, 2024 | 12:01
Updated At-03 Nov, 2025 | 22:28
Rejected At-
▼CVE Numbering Authority (CNA)
Local Privilege Escalation via Command Injection

An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update Service. The command injection can be exploited by communicating with the Elefant Update Service which is running as "SYSTEM" via Windows Named Pipes.The Elefant Software Updater (ESU) consists of two components. An ESU service which runs as "NT AUTHORITY\SYSTEM" and an ESU tray client which communicates with the service to update or repair the installation and is running with user permissions. The communication is implemented using named pipes. A crafted message of type "MessageType.SupportServiceInfos" can be sent to the local ESU service to inject commands, which are then executed as "NT AUTHORITY\SYSTEM".

Affected Products
Vendor
HASOMED
Product
Elefant Software Updater
Default Status
unaffected
Versions
Affected
  • <1.4.2.1811 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-77CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Type: CWE
CWE ID: CWE-77
Description: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-234CAPEC-234 Hijacking a privileged process
CAPEC ID: CAPEC-234
Description: CAPEC-234 Hijacking a privileged process
Solutions

The vendor fixed the issue in version 1.4.2.1811 (or higher) of the Elefant Software Updater which can be downloaded from hasomed.de/produkte/elefant/ https://hasomed.de/produkte/elefant/ or via the Elefant Software Updater itself.

Configurations
Workarounds

While workarounds such as modifying the Elefant windows firewall rules and manually adjusting file permissions in the installation folder are feasible workarounds for some of the vulnerabilities, it is recommended to install the patches provided by the vendor.

Exploits
Credits
finder
Tobias Niemann, SEC Consult Vulnerability Lab
finder
Daniel Hirschberger, SEC Consult Vulnerability Lab
finder
Florian Stuhlmann, SEC Consult Vulnerability Lab
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://r.sec-consult.com/hasomed
third-party-advisory
https://hasomed.de/produkte/elefant/
patch
Hyperlink: https://r.sec-consult.com/hasomed
Resource:
third-party-advisory
Hyperlink: https://hasomed.de/produkte/elefant/
Resource:
patch
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
hasomed
Product
elefant_software_updater
CPEs
  • cpe:2.3:a:hasomed:elefant_software_updater:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 1.4.2.1811 (custom)
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://seclists.org/fulldisclosure/2024/Nov/3
N/A
Hyperlink: http://seclists.org/fulldisclosure/2024/Nov/3
Resource: N/A
Details not found