SMB Insecurely Configured Service

high Nessus Plugin ID 44676

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

At least one insecurely configured Windows service on the remote host is affected by a privilege escalation vulnerability.

Description

At least one insecurely configured Windows service was detected on the remote host. Unprivileged users can modify the properties of these affected services, allowing an unprivileged, local attacker to execute arbitrary code or commands as SYSTEM.

Nessus checked if any of the following groups have permissions to modify executable files that are started by Windows services :

- Everyone
- Users
- Domain Users
- Authenticated Users

Solution

Ensure the groups listed above do not have ChangeConf, WDac, or WOwn permissions. Refer to the Microsoft documentation for more information.

See Also

https://docs.microsoft.com/en-us/windows/desktop/Services/service-security-and-access-rights

Plugin Details

Severity: High

ID: 44676

File Name: smb_insecure_service_config.nbin

Version: 1.164

Type: local

Agent: windows

Family: Windows

Published: 2/22/2010

Updated: 11/12/2021

Dependencies: smb_enum_services.nasl

Risk Information

CVSS Score Source: manual

CVSS Score Rationale: Based on vendor documentation

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

Required KB Items: SMB/svcs, SMB/transport, SMB/name, SMB/login, SMB/password

Reference Information

IAVT: 0001-T-0753