Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-50592
PUBLISHED
More InfoOfficial Page
Assigner-SEC-VLab
Assigner Org ID-551230f0-3615-47bd-b7cc-93e92e730bbf
View Known Exploited Vulnerability (KEV) details
Published At-08 Nov, 2024 | 12:15
Updated At-03 Nov, 2025 | 22:28
Rejected At-
▼CVE Numbering Authority (CNA)
Local Privilege Escalation via Race Condition

An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. When using the repair function, the service queries the server for a list of files and their hashes. In addition, instructions to execute binaries to finalize the repair process are included. The executables are executed as "NT AUTHORITY\SYSTEM" after they are copied over to the user writable installation folder (C:\Elefant1). This means that a user can overwrite either "PostESUUpdate.exe" or "Update_OpenJava.exe" in the time frame after the copy and before the execution of the final repair step. The overwritten executable is then executed as "NT AUTHORITY\SYSTEM".

Affected Products
Vendor
HASOMED
Product
Elefant Software Updater
Default Status
unaffected
Versions
Affected
  • <1.4.2.1811 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-367CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Type: CWE
CWE ID: CWE-367
Description: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-26CAPEC-26 Leveraging Race Conditions
CAPEC ID: CAPEC-26
Description: CAPEC-26 Leveraging Race Conditions
Solutions

The vendor fixed the issue in version 1.4.2.1811 (or higher) of the Elefant Software Updater which can be downloaded from hasomed.de/produkte/elefant/ https://hasomed.de/produkte/elefant/ or via the Elefant Software Updater itself.

Configurations
Workarounds

While workarounds such as modifying the Elefant windows firewall rules and manually adjusting file permissions in the installation folder are feasible workarounds for some of the vulnerabilities, it is recommended to install the patches provided by the vendor.

Exploits
Credits
finder
Tobias Niemann, SEC Consult Vulnerability Lab
finder
Daniel Hirschberger, SEC Consult Vulnerability Lab
finder
Florian Stuhlmann, SEC Consult Vulnerability Lab
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://r.sec-consult.com/hasomed
third-party-advisory
https://hasomed.de/produkte/elefant/
patch
Hyperlink: https://r.sec-consult.com/hasomed
Resource:
third-party-advisory
Hyperlink: https://hasomed.de/produkte/elefant/
Resource:
patch
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
hasomed
Product
elefant_software_updater
CPEs
  • cpe:2.3:a:hasomed:elefant_software_updater:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 1.4.2.1811 (custom)
Metrics
VersionBase scoreBase severityVector
3.17.0HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://seclists.org/fulldisclosure/2024/Nov/3
N/A
Hyperlink: http://seclists.org/fulldisclosure/2024/Nov/3
Resource: N/A
Details not found