| Advisory ID | GOVSA.2019.1028.1 |
| Vulnerability Type | CWE-426 Untrusted Search Path (leads to Command Injections / Local Privilege Escalation) |
| Issue Date | 2019-10-28 |
| Updated On | 2019-10-28 (Initial Advisory) |
| Application | Goverlan Reach (Agent) |
| Affected Versions | Goverlan Client Agent v9.20.02 and earlier Goverlan Reach Console v9.20 and earlier Goverlan Reach Server v3.20 and earlier |
| Severity | High |
| Vulnerability Status | Update Released |
Summary
A vulnerability has been reported which allows a malicious actor to elevate his/her local privilege on a Windows system equipped with the Goverlan Agents. This exploit uses DLL Hijacking which allows a customized DLL to be ran with elevated privileges by the Goverlan Agent GovAgentx64.exe.
| Vulnerability Type | Remotely Exploitable | Impact |
| Command Injection | No | Possible Local Code Execution |
| Local Privilege Escalation | No | Possible Escalation from Standard User to Local Administrative Privileges |
Relevant Products
This exploit is exposed by the Goverlan Agent process: GovAgentx64.exe and GovAgent.exe versions 9.20.02 and earlier.
These Goverlan Client Agent are distributed on remote machine via the Goverlan Reach Console and Goverlan Reach Server versions 9.20 and 3.20 and earlier respectively.
Remediation
| Product | Action |
| Goverlan Reach Console v9.20.XX and earlier | Update to v9.50 or later |
| Goverlan Reach Server v3.20.XX and earlier | Update to v3.50 or later |
| Goverlan Client Agent v9.20.02 | Update to v9.20.50 or later |
Contacts
For further information about this security advisory, or to send us a security alert, please contact security(@)goverlan.com.
Acknowledgement
Goverlan would like to thank author PovlTekstTV for reporting this issue to us.