PT-2021-21623 · Unknown · Openclinic Ga

Published: 2021-10-26 · Updated: 2021-10-29 · CVE-2021-37364

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

OpenClinic GA version 5.194.18

Description

The issue concerns insecure permissions in OpenClinic GA, where the Authenticated Users group has modify permission to OpenClinic folders and files by default. This allows a low-privilege account to rename critical files such as mysqld.exe or tomcat8.exe in the bin folders and replace them with malicious files. These malicious files can connect back to an attacking computer, granting system-level privileges due to the service running as Local System. Although a low-privilege user cannot restart the service through the application, a computer restart triggers the execution of the malicious file. Additionally, the application has unquoted service path issues.

Recommendations

For OpenClinic GA version 5.194.18, consider restricting the modify permission to the OpenClinic folders and files to prevent low-privilege accounts from renaming or replacing critical files. As a temporary workaround, monitor and restrict access to the mysqld.exe and tomcat8.exe files in the bin folders to minimize the risk of exploitation. Also, address the unquoted service path issues to prevent potential vulnerabilities. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
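
A read-only audit of the two conditions named in the description and recommendations, written as an added PowerShell example (not code from the advisory or from OpenClinic GA): it finds services whose binary is mysqld.exe or tomcat8.exe, reports whether the service path is unquoted, and lists allow ACEs that give low-privilege groups write or delete rights on the binary or its folder. The three well-known SIDs checked and the output field names are assumptions of this example.

```powershell
# Added example. Only the file names mysqld.exe and tomcat8.exe come from the advisory;
# the SIDs checked and the output field names are assumptions.
$lowPrivSids = @{
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-1-0'      = 'Everyone'
}
# Rights that allow renaming, replacing or re-permissioning a file or folder.
$risky = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$genericWriteOrAll = 0x50000000   # GENERIC_WRITE | GENERIC_ALL, stored raw in some ACEs

function Get-RiskyAce {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return }
    $acl = Get-Acl -LiteralPath $Path
    # Ask for SIDs instead of names so the check works on localized Windows.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if (-not $lowPrivSids.ContainsKey($sid)) { continue }
        $raw = [int]$ace.FileSystemRights
        if (($raw -band [int]$risky) -or ($raw -band $genericWriteOrAll)) {
            [pscustomobject]@{ Path = $Path; Group = $lowPrivSids[$sid]; Rights = $ace.FileSystemRights }
        }
    }
}

Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match '(mysqld|tomcat8)\.exe' } |
    ForEach-Object {
        $cmd    = $_.PathName.Trim()
        $quoted = $cmd.StartsWith('"')
        # Quoted: take the text between the first pair of quotes. Unquoted: up to the first ".exe".
        if ($quoted) { $exe = ($cmd -split '"')[1] }
        else         { $exe = [regex]::Match($cmd, '^.+?\.exe', 'IgnoreCase').Value }
        [pscustomobject]@{
            Service      = $_.Name
            RunsAs       = $_.StartName
            Executable   = $exe
            UnquotedPath = (-not $quoted) -and ($exe -match '\s')
            RiskyAces    = @(Get-RiskyAce $exe) + @(Get-RiskyAce (Split-Path $exe -Parent))
        }
    }
```

A service reported with `RunsAs` of LocalSystem and a non-empty `RiskyAces` list matches the condition the description covers; `UnquotedPath` being true flags the separate unquoted service path issue.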

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2021-37364

Affected Products

Openclinic Ga