PT-2018-17676 · Hola · Hola

Filipe Xavier Oliveira

Published

2018-03-12

Updated

2019-10-03

CVE-2018-6623

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Hola version 1.79.859

Description An issue was discovered that allows an unprivileged user to modify or overwrite the executable with arbitrary code. This could lead to privilege escalation, depending on the user the service runs as. The issue is due to the SERVICE ALL ACCESS access right for the hola svc and hola updater services.

Recommendations For Hola version 1.79.859, consider restricting access to the hola svc and hola updater services to prevent modification or overwriting of the executable until a fix is available. As a temporary workaround, restrict the SERVICE ALL ACCESS access right to minimize the risk of exploitation.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2018-6623

Affected Products

Hola

PT-2018-17676 · Hola · Hola

CVE-2018-6623

Weakness Enumeration

Related Identifiers

Affected Products

References · 3