← Advisories

devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation

Low
Advisory ID
ZSL-2019-5506
Release Date
03 February 2019
Vendor
devolo AG - https://www.devolo.com
Affected Version
4.3.1
CVE
CVE-2019-25231
Tested On
Microsoft Windows 7 Ultimate SP1 (EN)
Summary

devolo dLAN® Cockpit is a software tool that allows devolo customers to monitor and optimise their dLAN® network using a software tool.

Description

The application suffers from an unquoted search path issue impacting the service 'DevoloNetworkService' for Windows deployed as part of Devolo dLAN® Cockpit software application. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

Proof of Concept
devolo_eop.txtTXT
Disclosure Timeline
04.10.2017Vulnerability discovered.
11.10.2017Vendor contacted via email.
14.10.2017No response from the vendor.
15.10.2017Second attempt - Vendor contacted via email.
02.02.2019No response from the vendor.
03.02.2019Public security advisory released.
Credits
Vulnerability discovered by Stefan Petrushevski
References
[1]https://packetstormsecurity.com/files/151525
[2]https://cxsecurity.com/issue/WLB-2019020037
[3]https://exchange.xforce.ibmcloud.com/vulnerabilities/156594
[4]https://www.cve.org/CVERecord?id=CVE-2019-25231
Changelog
03.02.2019Initial release
10.02.2019Added reference [1], [2] and [3]
24.03.2026Added reference [4]