CVE-2023-3181: Privilege Escalation Vulnerability in Splashtop Software Updater


Description

CVE-2023-3181 is a privilege escalation vulnerability in Splashtop Software Updater. The vulnerability occurs when the uninst.exe process creates a folder at C:\Windows\Temp\~nsu.tmp and copies itself there as Au_.exe. That copy is launched automatically with SYSTEM privileges during a system reboot, or when a standard user runs an MSI repair through Splashtop Streamer's Windows Installer entry. Because the temporary folder inherits its permissions from C:\Windows\Temp, and Au_.exe is susceptible to DLL hijacking, a standard user can write a malicious DLL into this folder and have it executed with elevated privileges.

Overview

This vulnerability affects the Splashtop Software Updater component and allows local privilege escalation from a standard user to SYSTEM. The issue stems from insecure file operations combined with DLL hijacking in the uninst.exe process. When this process executes, it creates a temporary folder at C:\Windows\Temp\~nsu.tmp and copies itself there as Au_.exe. The copied executable later runs with SYSTEM privileges but resolves at least one DLL from its own directory. Since standard users typically have permission to create files in C:\Windows\Temp, and the temporary folder inherits that permission, an attacker can place a malicious DLL in the folder that Au_.exe loads when it runs elevated, which yields SYSTEM-level code execution.

Remediation

  1. Update Splashtop Software Updater to the latest version that addresses this vulnerability.
  2. Implement proper access controls for temporary directories used by the application.
  3. Ensure that the application validates and secures paths before executing files from them.
  4. Consider implementing application whitelisting to prevent unauthorized DLLs from being loaded.
  5. Monitor for suspicious file creation in the C:\Windows\Temp\~nsu.tmp directory.
  6. Apply the principle of least privilege for service accounts and processes.
  7. Contact Splashtop support for specific patch information if not already available.
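The two defender-side checks that the Overview and remediation item 5 call for, written here as an added example (this is not Splashtop's, Mandiant's, or the advisory author's code). The first function parses icacls output for a directory and reports which low-privileged principals hold file-creation rights there, which is the inherited-permission root cause described above; the second scans Sysmon-style FileCreate (Event ID 11) and ImageLoad (Event ID 7) records for a DLL being written into ~nsu.tmp by a non-SYSTEM account, or for Au_.exe loading a DLL out of that folder. The icacls text, the event records, the `<install-dir>` placeholder, the account name and the DLL file name are all constructed for illustration; actual ACLs on C:\Windows\Temp vary between Windows builds and hardening baselines, so run icacls on the host rather than relying on the sample.

```python
"""Defender-side checks for the CVE-2023-3181 condition.

Added example, not vendor code. All sample data below is constructed.
"""
import ntpath
import re

NSU_DIR = r"C:\Windows\Temp\~nsu.tmp"

# Principals that every non-admin interactive account belongs to.
LOW_PRIV_PRINCIPALS = {"BUILTIN\\Users", "NT AUTHORITY\\Authenticated Users", "Everyone"}

# icacls right tokens that permit creating or modifying files in a directory.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "GW", "GA"}

ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<rights>(?:\([^)]*\))+)$")


def parse_icacls(output: str, path: str) -> list[tuple[str, set[str]]]:
    """Turn icacls output into (principal, set of right tokens) pairs.

    icacls prints the path before the first ACE and indents the rest, so the
    path prefix is stripped case-insensitively before matching each ACE.
    """
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith("Successfully processed"):
            continue
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:
            continue
        # "(CI)(S,WD,AD,X)" -> {"CI", "S", "WD", "AD", "X"}; inheritance flags
        # such as OI/CI/IO and a DENY marker come through as tokens too.
        tokens = set()
        for group in re.findall(r"\(([^)]*)\)", m.group("rights")):
            tokens.update(t.strip() for t in group.split(","))
        aces.append((m.group("who"), tokens))
    return aces


def standard_user_write_access(output: str, path: str) -> list[str]:
    """Return low-privileged principals that can create files under path."""
    offenders = []
    for who, rights in parse_icacls(output, path):
        if "DENY" in rights:          # a deny ACE never grants anything
            continue
        if who in LOW_PRIV_PRINCIPALS and rights & WRITE_RIGHTS:
            offenders.append(who)
    return offenders


def is_under(path: str, directory: str) -> bool:
    """Case-insensitive check that path sits directly inside directory."""
    return ntpath.normcase(ntpath.dirname(path)) == ntpath.normcase(directory)


def find_hijack_indicators(events: list[dict]) -> list[str]:
    """Flag DLL drops into ~nsu.tmp by non-SYSTEM users and Au_.exe loading from it."""
    alerts = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:  # Sysmon FileCreate
            target = ev.get("TargetFilename", "")
            user = ev.get("User", "")
            if (is_under(target, NSU_DIR) and target.lower().endswith(".dll")
                    and user.upper() != "NT AUTHORITY\\SYSTEM"):
                alerts.append(f"DLL dropped by {user} into ~nsu.tmp: {target}")
        elif eid == 7:  # Sysmon ImageLoad
            image = ev.get("Image", "")
            loaded = ev.get("ImageLoaded", "")
            if ntpath.basename(image).lower() == "au_.exe" and is_under(loaded, NSU_DIR):
                alerts.append(f"Au_.exe loaded DLL from its temp folder: {loaded}")
    return alerts


# Constructed icacls output resembling a default C:\Windows\Temp listing.
SAMPLE_ICACLS = r"""C:\Windows\Temp NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                BUILTIN\Administrators:(OI)(CI)(F)
                BUILTIN\Users:(CI)(S,WD,AD,X)
                CREATOR OWNER:(OI)(CI)(IO)(F)

Successfully processed 1 files; Failed processing 0 files
"""

# Constructed Sysmon-style records; <install-dir> is a placeholder.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\<install-dir>\uninst.exe", "User": r"NT AUTHORITY\SYSTEM",
     "TargetFilename": r"C:\Windows\Temp\~nsu.tmp\Au_.exe"},          # expected copy
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe", "User": r"WORKSTATION\alice",
     "TargetFilename": r"C:\Windows\Temp\~nsu.tmp\planted.dll"},      # suspicious drop
    {"EventID": 7, "Image": r"C:\Windows\Temp\~nsu.tmp\Au_.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},             # normal load
    {"EventID": 7, "Image": r"C:\Windows\Temp\~nsu.tmp\Au_.exe",
     "ImageLoaded": r"C:\Windows\Temp\~nsu.tmp\planted.dll"},         # hijack load
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe", "User": r"WORKSTATION\alice",
     "TargetFilename": r"C:\Windows\Temp\other.dll"},                 # outside ~nsu.tmp
]

if __name__ == "__main__":
    print("writable by:", standard_user_write_access(SAMPLE_ICACLS, r"C:\Windows\Temp"))
    for alert in find_hijack_indicators(SAMPLE_EVENTS):
        print("ALERT:", alert)
```

The `is_under` check deliberately matches only the ~nsu.tmp folder itself rather than any path beneath C:\Windows\Temp, so ordinary temp-file churn does not trigger it; widen `NSU_DIR` if the same updater pattern is observed using a differently named folder.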

References

  1. Mandiant Vulnerability Disclosure: https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0015.md
  2. MITRE CVE Entry: CVE-2023-3181
  3. Splashtop Security Advisories (check for updates related to this vulnerability)

Industry Exposure (most to least affected)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing: Medium
  2. Educational Services: Low
  3. Health Care & Social Assistance: Low
  4. Transportation & Warehousing: Low
  5. Finance and Insurance: Low
  6. Agriculture, Forestry, Fishing & Hunting: Low
  7. Arts, Entertainment & Recreation: Low
  8. Other Services (except Public Administration): Low
  9. Public Administration: Low
  10. Retail Trade: Low
  11. Accommodation & Food Services: Low
  12. Administrative, Support, Waste Management & Remediation Services: Low
  13. Construction: Low
  14. Information: Low
  15. Management of Companies & Enterprises: Low
  16. Mining: Low
  17. Professional, Scientific & Technical Services: Low
  18. Real Estate Rental & Leasing: Low
  19. Utilities: Low
  20. Wholesale Trade: Low
