Vulnerabilities > CVE-2017-3210 - Configuration vulnerability in multiple products

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
portrait
fujitsu
hp
philips
CWE-16
nessus
NVD
Published: 2018-07-24
Updated: 2019-10-09

Summary

Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.

Vulnerable Configurations

Part Description Count
Application
Portrait
1
Application
Fujitsu
3
Application
Hp
2
Application
Philips
2

Common Weakness Enumeration (CWE)

Nessus

NASL familyWindows
NASL idPORTRAIT_DISPLAY_SDK_CVE-2017-3210.NASL
descriptionThe Portrait Displays SDK Service (PdiService) running on the remote Windows host is affected by a privilege escalation vulnerability due to insecurely configured permissions. The service is writable to all authenticated users on the system while running with AUTHORITY/SYSTEM privileges. A local attacker can exploit this to run arbitrary code with SYSTEM privileges.
last seen2020-06-01
modified2020-06-02
plugin id99727
published2017-04-28
reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/99727
titlePortrait Display SDK PdiService Insecure Privileges Local Privilege Escalation

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/142312/SA-20170425-0.txt
idPACKETSTORM:142312
last seen2017-04-26
published2017-04-26
reporterW. Schober
sourcehttps://packetstormsecurity.com/files/142312/Portrait-Display-SDK-Service-Privilege-Escalation.html
titlePortrait Display SDK Service Privilege Escalation

References