Portrait Display SDK PdiService Insecure Privileges Local Privilege Escalation

high Nessus Plugin ID 99727

Synopsis

The Portrait Displays SDK Service (PdiService) running on the remote Windows host is affected by a privilege escalation vulnerability.

Description

The Portrait Displays SDK Service (PdiService) running on the remote Windows host is affected by a privilege escalation vulnerability due to insecurely configured permissions. The service is writable to all authenticated users on the system while running with AUTHORITY/SYSTEM privileges. A local attacker can exploit this to run arbitrary code with SYSTEM privileges.

Solution

Apply the vendor-supplied patch. Alternatively, use the following command to remove read/write permissions from 'Authenticated Users' :

sc sdset pdiservice D:(A;;CCLCSWRPWPDTLOCRRC;;;SY) (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU) (A;;CCLCSWLOCRRC;;;SU)

See Also

http://www.nessus.org/u?17cb896e

https://seclists.org/fulldisclosure/2017/Apr/104

http://www.portrait.com/securityupdate.html

https://www.kb.cert.org/vuls/id/219739/

Plugin Details

Severity: High

ID: 99727

File Name: portrait_display_sdk_cve-2017-3210.nasl

Version: 1.5

Type: local

Agent: windows

Family: Windows

Published: 4/28/2017

Updated: 11/22/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/insecure_svcs

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/18/2017

Vulnerability Publication Date: 4/18/2017

Reference Information

CVE: CVE-2017-3210

BID: 98006

CERT: 219739

IAVB: 2017-B-0049