Detections
Analytics
SMB Insecurely Configured Service
high Nessus Plugin ID 44676
Language:
Synopsis
At least one insecurely configured Windows service on the remote host is affected by a privilege escalation vulnerability.Description
At least one insecurely configured Windows service was detected on the remote host. Unprivileged users can modify the properties of these affected services, allowing an unprivileged, local attacker to execute arbitrary code or commands as SYSTEM.Nessus checked if any of the following groups have permissions to modify executable files that are started by Windows services :
- Everyone
- Users
- Domain Users
- Authenticated Users
Solution
Ensure the groups listed above do not have ChangeConf, WDac, or WOwn permissions. Refer to the Microsoft documentation for more information.See Also
https://docs.microsoft.com/en-us/windows/desktop/Services/service-security-and-access-rights
Plugin Details
Severity: High
ID: 44676
File Name: smb_insecure_service_config.nbin
Version: 1.240
Type: local
Agent: windows
Family: Windows
Published: 2/22/2010
Updated: 11/12/2024
Supported Sensors: Nessus Agent, Nessus
Risk Information
CVSS Score Rationale: Based on vendor documentation
CVSS v2
Risk Factor: High
Base Score: 7.2
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: manual
CVSS v3
Risk Factor: High
Base Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
Required KB Items: SMB/name, SMB/login, SMB/password, SMB/svcs, SMB/transport
Reference Information
IAVT: 0001-T-0753